I add that I noticed on the “web.xml” file of Tomcat 9.0 that there are the following lines of filters that limit the blocks of POST requests such as CORS/CSRF filters:
<!--
REST CSRF validation filter. Remove the following filter and filter mappings to disable CSRF validation for
REST apis.
-->
<filter>
<filter-name>restCsrfValidationFilter</filter-name>
<filter-class>
sailpoint.rest.RestCsrfValidationFilter
</filter-class>
<!-- The list of GET paths to ignore in Csrf validation. Note: POST and PUT paths are never ignored. -->
<init-param>
<param-name>ignoredPaths</param-name>
<param-value>/rest/report, /rest/image, /ui/rest/redirect, /ui/rest/certifications/export, ui/rest/redirect/hash, /ui/rest/accessHistory/export</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>restCsrfValidationFilter</filter-name>
<url-pattern>/rest/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>restCsrfValidationFilter</filter-name>
<url-pattern>/ui/rest/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>restCsrfValidationFilter</filter-name>
<url-pattern>/plugin/rest/*</url-pattern>
</filter-mapping>
Reading the following comment “” these lines could continue to block only POST (and PUT) calls ?? what should be added to the filters to be able to correctly perform POST calls on the Sailpoint plugin without blocks? I noticed online the following suggestion, to add the following filters or just add a specific parameter on the filters that I already have on the web.xml file.
<filter>
<filter-name>CSRFProtectionFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>enabled</param-name>
<param-value>false</param-value>
</init-param>
</filter>