Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Bamboo 6.10.3 XSRF protection with Apache proxy and HttpOnly and Secure flag in a cookie error

Greg Wajszczuk February 4, 2020

I have a Bamboo 6.10.3 server installed with XSRF protection enabled, sitting behind Apache proxy. Everything works fine untill I add the header  below to  vhost config file 

Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure

It would not allow me do add users to groups and when I choose to log our I am getting this error

XSRF token validation failed

Unable to access this resource due to a failed XSRF check. Please ensure that a valid XSRF token is provided in the request.

Error code: XSRF_FAILURE_BAD_TOKEN

 

My connector looks like this 

<Connector port="8085"
protocol="HTTP/1.1"
connectionTimeout="20000"
useBodyEncodingForURI="true"
redirectPort="443"
compression="on"
compressableMimeType="text/html,text/xml,text/plain,text/css,application/json,application/javascript,application/x-javascript"
secure="true"
scheme="https"
proxyName="bamboo.domain.com"
proxyPort="443" />

 

And this is my apache  proxy configuration 

ProxyPreserveHost On
ProxyRequests Off
SSLProxyEngine On
ProxyPass / http://localhost:8085/ connectiontimeout=5 timeout=300
ProxyPassReverse / http://localhost:8085/

been following this howto

https://confluence.atlassian.com/bamboo/securing-bamboo-with-apache-using-ssl-391087437.html

Similar apache config files work with Bitbucket, Jira, Confluence without a problem 

 

0 answers

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events