Hi,
The tenant does not want to work with https.
Have you seen the error below?
HTTP Status 500 - Possible CSRF attack noted when asserting referer header 'https://app.processoverde.com.br/alfresco/s/admin/admin-tenantconsole'. Request: POST /alfresco/s/admin/admin-tenantconsole, FAILED TEST: Assert referer POST /alfresco/s/admin/admin-tenantconsole :: referer: 'https://app.processoverde.com.br/alfresco/s/admin/admin-tenantconsole' vs server & context: http://app.processoverde.com.br/ (string) or (regexp)
type Exception report
message Possible CSRF attack noted when asserting referer header 'https://app.processoverde.com.br/alfresco/s/admin/admin-tenantconsole'. Request: POST /alfresco/s/admin/admin-tenantconsole, FAILED TEST: Assert referer POST /alfresco/s/admin/admin-tenantconsole :: referer: 'https://app.processoverde.com.br/alfresco/s/admin/admin-tenantconsole' vs server & context: http://app.processoverde.com.br/ (string) or (regexp)
description The server encountered an internal error that prevented it from fulfilling this request.
exception
javax.servlet.ServletException: Possible CSRF attack noted when asserting referer header 'https://app.processoverde.com.br/alfresco/s/admin/admin-tenantconsole'. Request: POST /alfresco/s/admin/admin-tenantconsole, FAILED TEST: Assert referer POST /alfresco/s/admin/admin-tenantconsole :: referer: 'https://app.processoverde.com.br/alfresco/s/admin/admin-tenantconsole' vs server & context: http://app.processoverde.com.br/ (string) or (regexp)
org.springframework.extensions.webscripts.servlet.CSRFFilter$AssertRefererAction.run(CSRFFilter.java:1017)
org.springframework.extensions.webscripts.servlet.CSRFFilter.doFilter(CSRFFilter.java:312)
org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:68)
note The full stack trace of the root cause is available in the Apache Tomcat/8.0.50 logs.
Apache Tomcat/8.0.50
With best regards,
José Roberto.
You have not correctly configured the CSRF filter parameters in alfresco-global.properties. It looks as though you have already modified the csrf.filter.referer and csrf.filter.origin values to use your domain name, but you have not accounted for the http vs https difference on your reverse proxy. Since those two properties technically hold regular expressions, you should be able to work with the following values:
csrf.filter.referer=^https?://app\.processoverde\.com\.br(?:$|/.+$)
csrf.filter.origin=^https?://app\.processoverde\.com\.br(?:$|/.+$)
Hi afaust Master,
I added the parameters in the global properties.
The same error occurred:
HTTP Status 500 - Possible CSRF attack noted when asserting referer header 'https://app.processoverde.com.br/alfresco/s/admin/admin-tenantconsole'. Request: POST /alfresco/s/admin/admin-tenantconsole, FAILED TEST: Assert referer POST /alfresco/s/admin/admin-tenantconsole :: referer: 'https://app.processoverde.com.br/alfresco/s/admin/admin-tenantconsole' vs server & context: http://app.processoverde.com.br/ (string) or (regexp)
type Exception report
message Possible CSRF attack noted when asserting referer header 'https://app.processoverde.com.br/alfresco/s/admin/admin-tenantconsole'. Request: POST /alfresco/s/admin/admin-tenantconsole, FAILED TEST: Assert referer POST /alfresco/s/admin/admin-tenantconsole :: referer: 'https://app.processoverde.com.br/alfresco/s/admin/admin-tenantconsole' vs server & context: http://app.processoverde.com.br/ (string) or (regexp)
description The server encountered an internal error that prevented it from fulfilling this request.
exception
javax.servlet.ServletException: Possible CSRF attack noted when asserting referer header 'https://app.processoverde.com.br/alfresco/s/admin/admin-tenantconsole'. Request: POST /alfresco/s/admin/admin-tenantconsole, FAILED TEST: Assert referer POST /alfresco/s/admin/admin-tenantconsole :: referer: 'https://app.processoverde.com.br/alfresco/s/admin/admin-tenantconsole' vs server & context: http://app.processoverde.com.br/ (string) or (regexp)
org.springframework.extensions.webscripts.servlet.CSRFFilter$AssertRefererAction.run(CSRFFilter.java:1017)
org.springframework.extensions.webscripts.servlet.CSRFFilter.doFilter(CSRFFilter.java:312)
org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:68)
note The full stack trace of the root cause is available in the Apache Tomcat/8.0.50 logs.
Apache Tomcat/8.0.50
See the catalina.out log
2020-07-09 17:17:15,429 INFO [webscripts.servlet.CSRFFilter] [http-nio-8080-exec-34] Possible CSRF attack noted when asserting referer header 'https://app.processoverde.com.br/alfresco/s/admin/admin-tenantconsole'. Request: POST /alfresco/s/admin/admin-tenantconsole
jul 09, 2020 5:17:15 PM org.apache.catalina.core.StandardWrapperValve invoke
GRAVE: Servlet.service() for servlet [apiServlet] in context with path [/alfresco] threw exception [Possible CSRF attack noted when asserting referer header 'https://app.processoverde.com.br/alfresco/s/admin/admin-tenantconsole'. Request: POST /alfresco/s/admin/admin-tenantconsole, FAILED TEST: Assert referer POST /alfresco/s/admin/admin-tenantconsole :: referer: 'https://app.processoverde.com.br/alfresco/s/admin/admin-tenantconsole' vs server & context: http://app.processoverde.com.br/ (string) or (regexp)] with root cause
javax.servlet.ServletException: Possible CSRF attack noted when asserting referer header 'https://app.processoverde.com.br/alfresco/s/admin/admin-tenantconsole'. Request: POST /alfresco/s/admin/admin-tenantconsole, FAILED TEST: Assert referer POST /alfresco/s/admin/admin-tenantconsole :: referer: 'https://app.processoverde.com.br/alfresco/s/admin/admin-tenantconsole' vs server & context: http://app.processoverde.com.br/ (string) or (regexp)
at org.springframework.extensions.webscripts.servlet.CSRFFilter$AssertRefererAction.run(CSRFFilter.java:1017)
at org.springframework.extensions.webscripts.servlet.CSRFFilter.doFilter(CSRFFilter.java:312)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:68)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:94)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:502)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1132)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1539)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1495)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Anything else that can be done?
Thanks a lot!
José Roberto
It does not look like your configuration took effect - at least the error messages do not show that the configuration values I provided are being used.
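The two replies above, as an added example that is not part of the original posts and not Alfresco's own code: it reads the "FAILED TEST" message from the thread to see whether a referer regex is in effect, then checks the logged Referer against the suggested pattern. The function names are hypothetical, and the matching model (regex if configured, otherwise a prefix comparison with the server & context URL) is an assumption inferred from the "(string) or (regexp)" layout of the message.

```python
import re

# Pattern suggested in the reply above for csrf.filter.referer / csrf.filter.origin.
SUGGESTED = r"^https?://app\.processoverde\.com\.br(?:$|/.+$)"

# Tail of the "FAILED TEST" message as it appears in the thread's log output.
LOG_TAIL = ("referer: 'https://app.processoverde.com.br/alfresco/s/admin/admin-tenantconsole' "
            "vs server & context: http://app.processoverde.com.br/ (string) or (regexp)")

MSG = re.compile(r"referer: '(?P<referer>[^']*)' vs server & context: "
                 r"(?P<server>\S*) \(string\) or\s*(?P<regex>.*?)\s*\(regexp\)")


def parse_failed_test(line):
    """Return (referer, server_and_context, regex_or_None) from a FAILED TEST message."""
    m = MSG.search(line)
    if not m:
        raise ValueError("not a CSRFFilter referer assertion message")
    return m["referer"], m["server"], m["regex"] or None


def referer_allowed(referer, server_and_context, regex=None):
    """Simplified model (assumption): a configured regex must match the whole
    header; without one, the header must start with the server & context URL."""
    if regex:
        return re.fullmatch(regex, referer) is not None
    return referer.startswith(server_and_context)


def diagnose(line, intended_regex):
    """Compare what the log shows is active with what the intended regex would do."""
    referer, server, active = parse_failed_test(line)
    return {
        "regex_in_effect": active is not None,
        "allowed_as_logged": referer_allowed(referer, server, active),
        "allowed_with_intended": referer_allowed(referer, server, intended_regex),
    }


if __name__ == "__main__":
    print(diagnose(LOG_TAIL, SUGGESTED))
    # Constructed edge cases for the suggested pattern: plain http, a lookalike
    # host that only shares the prefix, and a referer that is just the site root.
    for candidate in ("http://app.processoverde.com.br/alfresco/",
                      "https://app.processoverde.com.br.example.net/alfresco/",
                      "https://app.processoverde.com.br/"):
        print(candidate, referer_allowed(candidate, "", SUGGESTED))
```

The last constructed case shows that the suggested pattern rejects a Referer consisting only of the site root with a trailing slash, because `/.+` requires at least one character after the slash.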
Hi afaust,
I left the alfresco service.
Anything else that needs to be done?
Thanks a lot!
José Roberto.