Bamboo Data Center / BAM-14265

Enabling XSRF protection in Bamboo causes the Stash build Post-Receive WebHook request to fail


Details

    • Bug
    • Resolution: Answered
    • Low
    • None
    • 5.3
    • None

    Description

      As already detailed in BAM-14129, we're also facing the same error with Stash and Bamboo. When Stash tries to trigger a build request over the Post-Receive WebHook and XSRF protection is enabled, this request fails:

      Bamboo Log:
      2014-01-31 09:44:28,008 WARN [http-bio-8085-exec-19] [BambooXsrfTokenInterceptor] XSRF token validation failed in session:null due to XSRF_FAILURE_NO_TOKEN_IN_COOKIE
      2014-01-31 09:44:28,008 ERROR [http-bio-8085-exec-19] [ExceptionMappingInterceptor] XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE).
      java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE).
      	at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:64)
      	at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34)
      	at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
      	at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25)
      	at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
      	at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252)
      	at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
      	...
      
      2014-01-31 09:44:28,013 ERROR [http-bio-8085-exec-19] [FiveOhOh] 500 Exception was thrown.
      java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE).
      	at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:64)
      	at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34)
      	at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
      	at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25)
      	at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
      	at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252)
      	at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
      	...
      

      After disabling XSRF protection, the build starts just fine. We're using Stash v2.10.1 and Bamboo 5.3 behind a proxy.

            People

              Unassigned
              David Robakowski
              Votes: 0
              Watchers: 4
