Can't get frontend started after upgrade to v24

I’m in the process of a major update to my Vaadin app. In order to upgrade v22 to 24, I am also updating:
Spring Boot
Spring Framework
several other relatively minor libraries/plugins

I’ve made all these updates and now my server starts up but the frontend doesn’t load. I don’t get any “Front end starting” message in my logs, and when I try to navigate to the app in the browser I get a blank screen (though the page title does appear in the browser tab) and a loading bar that never completes. I’ve been messing with the security configuration based on the information on the page below and I get HTTP 403 errors as expected for urls set to be denied, but all others result in the blank screen. So, for example, if my configuration is as below, /test urls get the blank screen, all others get HTTP 403.

public class SecurityConfiguration extends VaadinWebSecurity


protected void configure(HttpSecurity http) throws Exception {

    http.authorizeHttpRequests(auth -> {


Can anyone suggest a fix or further troubleshooting steps?

I also tried doing security config as suggested by Spring here:

you are Missing the call to super

Thanks, but with that call added I still can’t load the app.

that is, I still get the blank page/loading bar

You can also enable security debugging to see exactly what’s missing

Impossible to say for us without seeing the full picture

How can I do that?

I’m searching through Vaadin documentation but haven’t found a way to do it yet.

That’s not related to Vaadin, but your security framework->spring

Thanks, will mess around with this for a bit.

Here’s some debug info from my logs.
security_debug.txt (53.4 KB)

I’m not seeing any obvious problems here.

But, I noticed something else that may be relevant.

from my browser console:

generated-flow-imports-pfR9vPic.js:17336 Uncaught (in promise) TypeError: Cannot read properties of undefined (reading ‘split’)
at generated-flow-imports-pfR9vPic.js:17336:281
at generated-flow-imports-pfR9vPic.js:17336:36
at generated-flow-imports-pfR9vPic.js:17336:63
at generated-flow-imports-pfR9vPic.js:17336:195958
at generated-flow-imports-pfR9vPic.js:1:142
at generated-flow-imports-pfR9vPic.js:17374:6490

I found a stack overflow post describing a problem similar to mine including this error.

Unfortunately, there’s no answer provided.

oh, there is a line in the logs referring to that file:
2024-02-22T16:17:18.669-05:00 DEBUG 20722 --- [nio-5000-exec-1] : Securing GET /VAADIN/build/generated-flow-imports-pfR9vPic.js

[nio-5000-exec-9]         : Invalid CSRF token found for http://localhost:5000/VAADIN/push?v-r=push&debug_window&token=4b4f5b6f-ba06-4d8e-a489-3b5037b86853&X-Atmosphere-Transport=close&X-Atmosphere-tracking-id=92e04cfb-161b-4655-bc7b-9d20bffb4822
2024-02-22T16:17:18.582-05:00 DEBUG 20722 --- [nio-5000-exec-9] o.s.s.w.access.AccessDeniedHandlerImpl   : Responding with 403 status code