Details
- Bug
- Resolution: Obsolete
- Low
- 6.4.12
- 6.04
Description
Summary
JIRA fails POST requests made using CORS with "XSRF check failed"
Steps to Reproduce
1. Add a whitelist rule for the domain so that incoming requests from it are accepted
2. Create an issue with the REST API (for example, by using Postman Interceptor) and set the 'Origin' header to the same domain as the one added to the whitelist
Expected Results
- Issue created successfully
Actual Results
HTTP response:
XSRF check failed
The following is seen in atlassian-jira.log:
2016-01-27 09:58:41,382 http-bio-8080-exec-17 WARN admin 598x202x1 gmldrg 0:0:0:0:0:0:0:1 /rest/api/2/issue [common.security.jersey.XsrfResourceFilter] Additional XSRF checks failed for request: http://localhost:8080/6412/rest/api/2/issue , origin: http://www.com , referrer: null , credentials in request: true , allowed via CORS: false
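An added example (not part of the original report and not Atlassian code): a Python parser for the XsrfResourceFilter warning format shown above, which counts the Origin values being rejected and records whether each one matches the request's own scheme, host and port. The function names and the second and third sample lines are constructed for the illustration.

```python
import re
from urllib.parse import urlsplit

# Field layout copied from the XsrfResourceFilter warning quoted in this report.
XSRF_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) .*?"
    r"\[common\.security\.jersey\.XsrfResourceFilter\] "
    r"Additional XSRF checks failed for request: (?P<url>\S+) , "
    r"origin: (?P<origin>\S+) , referrer: (?P<referrer>\S+) , "
    r"credentials in request: (?P<creds>true|false) , "
    r"allowed via CORS: (?P<cors>true|false)\s*$")
DEFAULT_PORTS = {"http": 80, "https": 443}

def site(url):
    """(scheme, host, port) of a URL, or None for 'null' or unparsable values."""
    try:
        parts = urlsplit(url)
        port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    except ValueError:
        return None
    if not parts.scheme or not parts.hostname:
        return None
    return (parts.scheme, parts.hostname, port)

def parse_xsrf_failure(line):
    """Parse one log line; returns None if it is not an XSRF-check warning."""
    m = XSRF_LINE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["creds"] = rec["creds"] == "true"
    rec["cors"] = rec["cors"] == "true"
    origin = site(rec["origin"])
    # True only when Origin names the same scheme/host/port as the request URL.
    rec["same_origin"] = origin is not None and origin == site(rec["url"])
    return rec

def rejected_origins(lines):
    """Count XSRF rejections per Origin value that CORS did not allow."""
    counts = {}
    for rec in filter(None, map(parse_xsrf_failure, lines)):
        if not rec["cors"]:
            counts[rec["origin"]] = counts.get(rec["origin"], 0) + 1
    return counts

SAMPLE_LOG = [  # first line is from this report; the other two are constructed
    "2016-01-27 09:58:41,382 http-bio-8080-exec-17 WARN admin 598x202x1 gmldrg 0:0:0:0:0:0:0:1 /rest/api/2/issue [common.security.jersey.XsrfResourceFilter] Additional XSRF checks failed for request: http://localhost:8080/6412/rest/api/2/issue , origin: http://www.com , referrer: null , credentials in request: true , allowed via CORS: false",
    "2016-01-27 10:02:13,907 http-bio-8080-exec-4 WARN admin 602x210x1 gmldrg 0:0:0:0:0:0:0:1 /rest/api/2/issue [common.security.jersey.XsrfResourceFilter] Additional XSRF checks failed for request: http://localhost:8080/6412/rest/api/2/issue , origin: http://intranet.example , referrer: null , credentials in request: true , allowed via CORS: false",
    "2016-01-27 10:02:14,001 http-bio-8080-exec-4 INFO admin 602x211x1 gmldrg 0:0:0:0:0:0:0:1 /secure/Dashboard.jspa [constructed.example.Logger] unrelated message",
]
if __name__ == "__main__":
    print(rejected_origins(SAMPLE_LOG))
```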
Notes
- Only reproduced in JIRA 6.4.12
Workaround
- Set Origin equal to BaseUrl
Issue Links
- is related to: JRASERVER-45378 Update the atlassian-whitelist plugin to a version >= 1.16 to fix https://ecosystem.atlassian.net/browse/AW-5 (Closed)
- is caused by: AW-5