Issue with CSRF Prevention filter of camunda-bpm-wildfly-7.10.0


#1

I am currently installing camunda-bpm-wildfly-7.10.0 on WildFly and have run into a user session problem: the session is lost, e.g. at the XHR POST request invoked by pressing "create user" in the add new user form. With the help of the Firefox Developer Tools I was able to see the answer reporting a wrong XSRF-TOKEN.

  • The issue vanishes if I disable the CSRF filter in web.xml. The filter feature seems to have been introduced with >=7.9.
  • Alongside a request header entry X-XSRF-TOKEN, I even notice two additional entries called XSRF-TOKEN in the Cookie: header entry. Maybe the filter is confused by this.

@Camunda: Please verify this issue. If you provide a bugfix as a class file for org.camunda.bpm.webapp.impl.security.filter.CsrfPreventionFilter, I may test it.
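
A diagnostic for the observation in the post above, as an added example that is not part of the original post and is not Camunda code: given the headers of a captured request, it lists every XSRF-TOKEN cookie that was sent and reports whether the X-XSRF-TOKEN header matches one of them. The function names and the sample request are constructed for illustration; only the header and cookie names come from the post.

```javascript
// Added diagnostic example; not Camunda code. Header names come from the post,
// the sample request below is constructed.

// Split a raw Cookie header into [name, value] pairs, keeping duplicates
// (a Map or plain object would silently drop all but one entry per name).
function parseCookiePairs(cookieHeader) {
  return cookieHeader
    .split(";")
    .map((part) => part.trim())
    .filter((part) => part.length > 0)
    .map((part) => {
      const eq = part.indexOf("=");
      return eq === -1 ? [part, ""] : [part.slice(0, eq).trim(), part.slice(eq + 1).trim()];
    });
}

// Compare the X-XSRF-TOKEN request header with every XSRF-TOKEN cookie sent.
function diagnoseXsrf(headers) {
  // HTTP header names are case-insensitive; normalise before lookup.
  const lower = {};
  for (const [k, v] of Object.entries(headers)) lower[k.toLowerCase()] = v;
  const headerToken = lower["x-xsrf-token"] ?? null;
  const cookieTokens = parseCookiePairs(lower["cookie"] ?? "")
    .filter(([name]) => name === "XSRF-TOKEN") // cookie names are case-sensitive
    .map(([, value]) => value);
  return {
    headerToken,
    cookieTokens,
    duplicateCookies: cookieTokens.length > 1,
    conflictingCookies: new Set(cookieTokens).size > 1,
    // Index of the cookie whose value equals the header, -1 if none.
    headerMatchesCookieAt: headerToken === null ? -1 : cookieTokens.indexOf(headerToken),
  };
}

// Constructed sample: one request carrying two XSRF-TOKEN cookies with
// different values next to an X-XSRF-TOKEN header.
const sampleRequest = {
  "X-XSRF-TOKEN": "AAAA1111",
  Cookie: "JSESSIONID=abc123; XSRF-TOKEN=BBBB2222; XSRF-TOKEN=AAAA1111",
};
console.log(diagnoseXsrf(sampleRequest));
```

Paste the Cookie and X-XSRF-TOKEN values from the Firefox Developer Tools network panel into `sampleRequest`; `conflictingCookies: true` means the two cookies carry different tokens, so only one of them can agree with the header.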