Invalid CSRF Token warnings appear in the logs, if
portlet.url.anchor.enable=true is set in portal-ext.properties.
User 20127 is not allowed to access URL http://localhost:8080/web/guest/home and portlet com_liferay_message_boards_web_portlet_MBPortlet: User 20127 did not provide a valid CSRF token for com.liferay.portlet.SecurityPortletContainerWrapper
- Liferay DXP 7.2
This should be fixed in DXP 7.2 FP5+ (liferay-fixpack-dxp-5-7210) by LPS-109009.
If this specific error appears without setting the above property in portal-ext.properties, then the following action should solve the problem:
com.liferay.portal.upload.internal.configuration.UploadServletRequestConfigurationconfig file from osgi/config folder and this row from the configuration_ table in the database, then setting manually a higher value for "Overall Maximum Upload Request Size" in "Control Panel → Configuration → System Settings → Infrastructure → Upload Servlet Request" section.