I currently installing
camunda-bpm-wildfly-7.10.0 on Wildfly and run into a user session problem: The session is lost e.g at the
XHR POST request invoked by pressing create user at the add new user form. By help of the Firefox Developer Tools I was able to see the anwer telling about a wrong
- The issue vanishes if I disable the CSRF filter at
web.xml. The filter feature seems to be introduced with
- In conjunction with an request header entry
X-XSRF-TOKEN, I notice even two additional entries called
Cookie:-header entry. Maybe the filter is confused by this.
@Camunda: Please verify this issue. If you provide a bugfix as a classfile for
org.camunda.bpm.webapp.impl.security.filter.CsrfPreventionFilter , I may test it.