Loading...

XML

Word

Printable

Type: Bug
Resolution: Answered
Priority: Low
Fix Version/s: None
Affects Version/s: 5.3
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

As already detailed in ~~BAM-14129~~, we're also facing the same error with Stash and Bamboo. When Stash tries to trigger a build request over the Post-Receive WebHook and XSRF protection is enabled this request fails:

Bamboo Log:

2014-01-31 09:44:28,008 WARN [http-bio-8085-exec-19] [BambooXsrfTokenInterceptor] XSRF token validation failed in session:null due to XSRF_FAILURE_NO_TOKEN_IN_COOKIE
2014-01-31 09:44:28,008 ERROR [http-bio-8085-exec-19] [ExceptionMappingInterceptor] XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE).
java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE).
	at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:64)
	at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34)
	at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
	at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25)
	at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
	at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252)
	at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
	...

2014-01-31 09:44:28,013 ERROR [http-bio-8085-exec-19] [FiveOhOh] 500 Exception was thrown.
java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE).
	at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:64)
	at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34)
	at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
	at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25)
	at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
	at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252)
	at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
	...

After disabling XSRF protection the build starts just fine. We're using Stash v2.10.1 and Bamboo 5.3 behind a proxy.

relates to

BSERV-4355 No way to set XSRF check header in post receive web hook

Closed

Assignee:: Unassigned

Reporter:: David Robakowski

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 03/Feb/2014 8:51 PM

Updated:: 19/Aug/2019 2:03 AM

Resolved:: 07/Feb/2014 4:31 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates