Atlassian rest implemented origin CSRF/XSRF checks that are performed against known browsers. JIRA should implement similar checks for CSRF protected actions. Implementation details for the way atlassian-rest implemented the origin csrf/xsrf check can be found in the https://ecosystem.atlassian.net/browse/REST-339, https://ecosystem.atlassian.net/browse/REST-343, https://bitbucket.org/atlassian/atlassian-rest/src/master/atlassian-rest-common/src/main/java/com/atlassian/plugins/rest/common/security/jersey/OriginBasedXsrfResourceFilter.java and https://confluence.atlassian.com/kb/cross-site-request-forgery-csrf-protection-changes-in-atlassian-rest-779294918.html