Thank you very much Mark ThomasThat was the case :( Absolutely weird to make such a major change in a minor release from NN.MM.39 to NN.MM.42
On Fri, Jun 20, 2025 at 10:01 AM Mark Thomas <ma...@apache.org> wrote: > On 20/06/2025 02:07, Hrvoje Lončar wrote: > > Hi! > > > > Hope it's the right place to ask for help or/and advice. > > Few days ago I switched to latest Tomcat 10.1.42. > > After deyploy POST is not working due to missing CSRF token. > > When I inspect HTTP request, CSRF token is in a payload as "_csrf" and > the > > value is correct. > > But at the backend side I get > > > > * AccessDeniedException = Invalid CSRF Token 'null' was found on the > > request parameter '_csrf' or header 'X-XSRF-TOKEN'.* > > > > Everything works fine with 10.1.39. > > To be sure tried on 2 different Ubuntu servers - test and production > > instance. > > > > Anyone else having the same problem? > > Maybe related to: > > https://bz.apache.org/bugzilla/show_bug.cgi?id=69710 > > Try setting maxPartCount on the connector but be aware of DoS risks as > the value gets higher. > > Mark > > > > > > Some technical info: > > - Ubuntu 24.04.2 LTS > > - nginx/1.27.5 to handle SSL certificate > > - Apache Tomcat 10.1.39 and 10.1.42 > > - Java 21 > > - Spring Boot 3.5.0 > > > > Thanks! > > > > BR, > > Hrvoje > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- *TheVegCat.com <https://thevegcat.com/>* *VegCook.net <https://vegcook.net/>* *horvoje.net <https://horvoje.net/>*
