Tomcat WAR deployment failed with CSRF error

When we try to deploy a WAR file on external tomcat server, sometimes the deployment may fail with the below error.

CSRF stands for Cross Site Request Forgery.

This is one of the filters that prevent CSRF attack on the tomcat server.

Recreate the issue

Let's try to recreate this issue before discussing about how we can fix it.

Step 1: Try to deploy a WAR file on external tomcat server.

Step 2: Deployment failed with the CSRF error

Fix the issue

We get this error when we try to deploy a WAR file with size greater than the maximum upload file size defined within the tomcat manager application.

So, the solution is to update the respective property to increase the maximum file size to something greater than the WAR file size.

• Example: If the upload WAR file size is 70 MB, update the maximum file size to 100MB to resolve this issue.

The default maximum file size if 50MB, and it can be updated in the file located in the tomcat installation directory as mentioned below.

• C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps\manager\WEB-INF\web.xml

In the below snapshot, the value is updated to 152428800 from 52428800 (for 50MB) against both <max-file-size> and <max-request-size> to increase both file and request sizes.

Retry WAR Deployment

After making the above discussed update in the web.xml file within the tomcat manager application configuration, retry deplyoying the same WAR file using the manager application.

This time, the deployment is successful without any CSRF issues.

Conclusion

We now know how to fix CSRF issue that may occur during WAR deployment using manager application on external tomcat server.