When passing from apache using a proxy to tomcat, a token will be issued, but you will still get a csrf alert, and not be able to create users.
I was helping a user, and had some time to verify this. I was able to
verify all of this information, and I do have the token.
It looks like this information isn't picked up when possibly using apache with passing through a proxy. That is our current setup where
this isn't working. Going directly to the application via
http://localhost:8080/jasperserver is fine, however If I have a hostname and passto a port via proxy pass module for Apache, then it seems that is triggering a "security violation" of sorts.
In the above example, I received a token in both cases: