Hi! This is the form: https://thevegcat.com/suggest
13 fields are visible plus file field and few are hidden fields including csrf token - nothing special or extreme. Web app is published 6 years ago and all those years there was no trouble at all. BR, Hrvoje *TheVegCat.com <https://thevegcat.com/>* *VegCook.net <https://vegcook.net/>* *horvoje.net <https://horvoje.net/>* On Wed, 9 Jul 2025, 16:14 Christopher Schultz, <ch...@christopherschultz.net> wrote: > Hrvoje, > > On 7/6/25 7:33 AM, Hrvoje Lončar wrote: > > After recent Tomcat security changes, my POST request are failing > > but not all the time. The problem is that the same request sometimes > > ends up with an error and sometimes not. > > > > Tomcat is 10.0.42 protected by nginx which handles SSL certificate and > > forwards dynamic requests to Tomcat.> > > [snip] > > > > <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" > > redirectPort="8443" maxParameterCount="1000" maxPartCount="1000"/> > > Are you anywhere near approaching your parameter limit of 1000? > > Is the nginx access log showing the _csrf parameters in the URL? How > about the Tomcat log? > > -chris > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
