Hi! After recent Tomcat security changes, my POST requests are failing, but not all the time. The problem is that the same request sometimes ends up with an error and sometimes not.
Tomcat is 10.0.42, protected by nginx, which handles the SSL certificate and forwards dynamic requests to Tomcat.

Java exception:

    2025-07-05 11:26:45,649 INFO (HttpSecurityConfig.java:210) [WEB_SECURITY] CustomAccessDeniedHandler: Unauthorized access; URI = /suggest; URL = http://thevegcat.com/suggest; AccessDeniedException = Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-XSRF-TOKEN'.
    org.springframework.security.web.csrf.InvalidCsrfTokenException: Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-XSRF-TOKEN'.
        at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:129)

...which tells me the CSRF field of the POST request was chopped out of the request.

Below is my server.xml:

    <?xml version="1.0" encoding="UTF-8"?>
    <Server port="8005" shutdown="SHUTDOWN">
      <Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
      <Listener className="org.apache.catalina.core.AprLifecycleListener"/>
      <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
      <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
      <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
      <GlobalNamingResources>
        <Resource name="UserDatabase" auth="Container"
                  type="org.apache.catalina.UserDatabase"
                  description="User database that can be updated and saved"
                  factory="org.apache.catalina.users.MemoryUserDatabaseFact>
      </GlobalNamingResources>
      <Service name="Catalina">
        <Connector port="8080" protocol="HTTP/1.1"
                   connectionTimeout="20000"
                   redirectPort="8443"
                   maxParameterCount="1000"
                   maxPartCount="1000"/>
        <Engine name="Catalina" defaultHost="localhost">
          <Realm className="org.apache.catalina.realm.LockOutRealm">
            <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
                   resourceName="UserDatabase"/>
          </Realm>
          <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
            <Valve className="org.apache.catalina.valves.AccessLogValve"
                   directory="logs"
                   prefix="localhost_access_log"
                   suffix=".txt"
                   pattern="%h %l %u %t &quot;%r&quot; %s %b"/>
          </Host>
        </Engine>
      </Service>
    </Server>

Thanks!

--
*TheVegCat.com <https://thevegcat.com/>*
*VegCook.net <https://vegcook.net/>*
*horvoje.net <https://horvoje.net/>*