Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-59551

XSRF Check failed during CORS request

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Obsolete
    • Icon: Low Low
    • 7.0.0
    • 6.4.12
    • REST API

      Summary

      JIRA throws a XSRF Check Failed during POST request types using CORS

      Steps to Reproduce

      1. Add domain to whitelist rule for domain to accept incoming requests

      2. Create Issue with REST API (for example by using Postman Interceptor) and set 'Origin' header to same domain as the one added to whitelist

      Expected Results

      • Issue created successfully

      Actual Results

      HTTP response:

      XSRF check failed

      The following is seen in atlassian-jira.log:

      2016-01-27 09:58:41,382 http-bio-8080-exec-17 WARN admin 598x202x1 gmldrg 0:0:0:0:0:0:0:1 /rest/api/2/issue [common.security.jersey.XsrfResourceFilter] Additional XSRF checks failed for request: http://localhost:8080/6412/rest/api/2/issue , origin: http://www.com , referrer: null , credentials in request: true , allowed via CORS: false

      Notes

      • Only reproduced in JIRA 6.4.12

      Workaround

      • set Origin equal to BaseUrl

        1. postman.png
          141 kB
          Pelle Kirkeby
        2. whitelist.png
          143 kB
          Pelle Kirkeby

              Unassigned Unassigned
              pkirkeby Pelle Kirkeby (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated:
                Resolved: