Summary

Refresh icon in Application Navigator throws a Javascript error and refresh does not complete

Environment

• Confluence v6.0.4 and 6.4.2

Steps to Reproduce

• go to Confluence administration >> Administration >> Application Navigator
• hit spin icon

Expected Results

• Cache should be refreshed

Actual Results

• The following error gets thrown in the web browser's console:

  Request URL:http://localhost:8090/rest/capabilities-consumer/1.0/admin/refreshcache
  Request Method:POST
  Status Code:403 Forbidden
  
  XSRF check failed
  

• The following gets thrown in <confluence-home>/logs/atlassian-confluence.log when org.apache.http.wire is enabled as DEBUG:

  2017-10-18 10:47:47,658 WARN [http-nio-8090-exec-8] [common.security.jersey.XsrfResourceFilter] passesAllXsrfChecks XSRF checks failed for request: http://localhost:8090/rest/capabilities-consumer/1.0/admin/refreshcache , origin: http://localhost:8090 , referrer: http://localhost:8090/plugins/servlet/customize-application-navigator
   -- referer: http://localhost:8090/plugins/servlet/customize-application-navigator | url: /rest/capabilities-consumer/1.0/admin/refreshcache | traceId: 6d8b0be89d17d171 | userName: admin
  2017-10-18 10:47:49,538 DEBUG [Caesium-1-4] [org.apache.http.wire] wire http-outgoing-28 >> "GET /synchrony/heartbeat HTTP/1.1[\r][\n]"
  2017-10-18 10:47:49,539 DEBUG [Caesium-1-4] [org.apache.http.wire] wire http-outgoing-28 >> "Host: 127.0.0.1:8091[\r][\n]"
  2017-10-18 10:47:49,539 DEBUG [Caesium-1-4] [org.apache.http.wire] wire http-outgoing-28 >> "Connection: Keep-Alive[\r][\n]"
  2017-10-18 10:47:49,539 DEBUG [Caesium-1-4] [org.apache.http.wire] wire http-outgoing-28 >> "User-Agent: Apache-HttpClient/4.4.1 (Java/1.8.0_73)[\r][\n]"
  2017-10-18 10:47:49,539 DEBUG [Caesium-1-4] [org.apache.http.wire] wire http-outgoing-28 >> "Accept-Encoding: gzip,deflate[\r][\n]"
  2017-10-18 10:47:49,539 DEBUG [Caesium-1-4] [org.apache.http.wire] wire http-outgoing-28 >> "[\r][\n]"
  2017-10-18 10:47:49,542 DEBUG [Caesium-1-4] [org.apache.http.wire] wire http-outgoing-28 << "HTTP/1.1 200 OK[\r][\n]"
  2017-10-18 10:47:49,543 DEBUG [Caesium-1-4] [org.apache.http.wire] wire http-outgoing-28 << "Content-Type: text/plain[\r][\n]"
  2017-10-18 10:47:49,543 DEBUG [Caesium-1-4] [org.apache.http.wire] wire http-outgoing-28 << "Date: Wed, 18 Oct 2017 12:47:49 GMT[\r][\n]"
  2017-10-18 10:47:49,543 DEBUG [Caesium-1-4] [org.apache.http.wire] wire http-outgoing-28 << "Access-Control-Allow-Origin: *[\r][\n]"
  2017-10-18 10:47:49,543 DEBUG [Caesium-1-4] [org.apache.http.wire] wire http-outgoing-28 << "Access-Control-Allow-Headers: content-type, accept, x-token, x-atlassian-mau-ignore[\r][\n]"
  2017-10-18 10:47:49,543 DEBUG [Caesium-1-4] [org.apache.http.wire] wire http-outgoing-28 << "Access-Control-Allow-Methods: GET, PUT, POST, OPTIONS[\r][\n]"
  2017-10-18 10:47:49,543 DEBUG [Caesium-1-4] [org.apache.http.wire] wire http-outgoing-28 << "Access-Control-Max-Age: 86400[\r][\n]"
  2017-10-18 10:47:49,543 DEBUG [Caesium-1-4] [org.apache.http.wire] wire http-outgoing-28 << "Content-Length: 3[\r][\n]"
  2017-10-18 10:47:49,544 DEBUG [Caesium-1-4] [org.apache.http.wire] wire http-outgoing-28 << "[\r][\n]"
  2017-10-18 10:47:49,544 DEBUG [Caesium-1-4] [org.apache.http.wire] wire http-outgoing-28 << "OK[\n]"
  

Notes

@POST
@Path("/refreshcache")
@Produces(MediaType.TEXT_PLAIN)
@Consumes(MediaType.APPLICATION_JSON)
public Response clearCaches(@Context HttpServletRequest request) {
    final String user = userManager.getRemoteUsername(request);
    if (!userManager.isAdmin(user)) {
        return Response.status(Response.Status.FORBIDDEN).entity(format("User %s does not have admin permission.", user)).build();
    }
    return rebuildCaches();
}

Call expects Content-type of type application/json, however, its Javascript call is not providing the requested:

AJS.$.ajax({
     url: AJS.contextPath() + "/rest/capabilities-consumer/1.0/admin/refreshcache",
     type: "POST",
     success: function () {

Workaround - 1

• go to <confluence-install>/confluence/WEB-INF/atlassian-bundled-plugins
• BACKUP atlassian-nav-links-plugin-4.3.0.jar by copying it to a location outside Confluence's directories
• extract atlassian-nav-links-plugin-4.3.0.jar:

  jar xf atlassian-nav-links-plugin-4.3.0.jar customapps/custom-apps-admin-ui.js
  jar xf atlassian-nav-links-plugin-4.3.0.jar customapps/custom-apps-admin-ui-min.js
  

• find the following section in customapps/custom-apps-admin-ui.js:

  AJS.$.ajax({
       url: AJS.contextPath() + "/rest/capabilities-consumer/1.0/admin/refreshcache",
       type: "POST",
       success: function () {
  

• edit the above, having the following as result:

  AJS.$.ajax({
       url: AJS.contextPath() + "/rest/capabilities-consumer/1.0/admin/refreshcache",
       type: "POST",
       headers: {
           "Content-type": "application/json"
       },
       success: function () {
  

• find the following section in customapps/custom-apps-admin-ui-min.js:

  url:AJS.contextPath()+"/rest/capabilities-consumer/1.0/admin/refreshcache",type:"POST"
  

• edit the above, having the following as result:

  url:AJS.contextPath()+"/rest/capabilities-consumer/1.0/admin/refreshcache",headers:{"Content-type":"application/json"},type:"POST"
  

• place changes back to atlassian-nav-links-plugin-4.3.0.jar:

  jar uf atlassian-nav-links-plugin-4.3.0.jar customapps/custom-apps-admin-ui.js
  jar uf atlassian-nav-links-plugin-4.3.0.jar customapps/custom-apps-admin-ui-min.js
  

• remove customapps/custom-apps-admin-ui.js from <confluence-install>/confluence/WEB-INF/atlassian-bundled-plugins
• go to <confluence-home>/plugins-osgi-cache/transformed-plugins/ and delete atlassian-nav-links-plugin-4.3.0_1484535326000.jar.jar
  1484535326000 is a timestamp in which will differ from the example given.
• restart Confluence

Workaround - 2

Just refresh the Application Navigator page by hitting F5 in your browser.