Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Obsolete
Priority: Low
Fix Version/s: 7.0.0
Affects Version/s: 6.4.12
Component/s: REST API
Labels:
- affects-server

Introduced in Version:
6.04
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Summary

JIRA throws a XSRF Check Failed during POST request types using CORS

Steps to Reproduce

1. Add domain to whitelist rule for domain to accept incoming requests

2. Create Issue with REST API (for example by using Postman Interceptor) and set 'Origin' header to same domain as the one added to whitelist

Expected Results

Issue created successfully

Actual Results

HTTP response:

XSRF check failed

The following is seen in atlassian-jira.log:

2016-01-27 09:58:41,382 http-bio-8080-exec-17 WARN admin 598x202x1 gmldrg 0:0:0:0:0:0:0:1 /rest/api/2/issue [common.security.jersey.XsrfResourceFilter] Additional XSRF checks failed for request: http://localhost:8080/6412/rest/api/2/issue , origin: http://www.com , referrer: null , credentials in request: true , allowed via CORS: false

Notes

Only reproduced in JIRA 6.4.12

Workaround

set Origin equal to BaseUrl

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

whitelist.png
143 kB
27/Jan/2016 3:59 PM
postman.png
141 kB
27/Jan/2016 4:01 PM

Issue Links

is related to

JRASERVER-45378 Update the atlassian-whitelist plugin to a version >= 1.16 to fix https://ecosystem.atlassian.net/browse/AW-5

Closed

is caused by: AW-5 Loading...

Wiki Page: Wiki Page Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Pelle Kirkeby (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 26/Jan/2016 11:37 PM

Updated:: 28/Mar/2019 12:19 AM

Resolved:: 28/Jan/2016 11:11 PM