Hrvoje,
On 7/9/25 1:04 PM, Hrvoje Lončar wrote:
This is the form:
https://thevegcat.com/suggest
13 fields are visible plus file field and few are hidden fields including
csrf token - nothing special or extreme.
Web app is published 6 years ago and all those years there was no trouble
at all.
Which exact version of Tomcat is being used?
Thanks,
-chris
On Wed, 9 Jul 2025, 16:14 Christopher Schultz, <ch...@christopherschultz.net>
wrote:
Hrvoje,
On 7/6/25 7:33 AM, Hrvoje Lončar wrote:
> After recent Tomcat security changes, my POST request are failing
> but not all the time. The problem is that the same request sometimes
> ends up with an error and sometimes not.
>
> Tomcat is 10.0.42 protected by nginx which handles SSL certificate and
> forwards dynamic requests to Tomcat.>
> [snip]
>
> <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"
> redirectPort="8443" maxParameterCount="1000" maxPartCount="1000"/>
Are you anywhere near approaching your parameter limit of 1000?
Is the nginx access log showing the _csrf parameters in the URL? How
about the Tomcat log?
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
