When we are trying to make API calls to Bamboo we get the following response:
curl -k 'https://bambooxxxxxxx/rest/api/latest/deploy/project/all' -u username:password
<html>
<head>
<title>Internal server error</title>
<meta name="decorator" content="install" />
</head>
<body>
<h1>Internal server error</h1>
<h4>Go to...</h4>
<ul>
<li><a href="/">Site homepage</a></li>
</ul>
A system error has occurred - our apologies!
<p>
Please create a problem report on our <b>support system</b> at <a href="https://support.atlassian.com/contact/">https://support.atlassian.com</a> with the following information:
<ol class="standard">
<li>a description of your problem and what you were doing at the time it occurred
<li>cut & paste the error and system information found below
<li>attach the <strong>atlassian-bamboo.log</strong> log file found in your application home.
</ol>
We will respond as promptly as possible.<br/>Thank you!
</p>
<p>
<b>Version:</b> 6.9.1<br>
<b>Build:</b> 60910<br>
<b>Build Date:</b> 04 Jun 2019
</p>
<h4>Request information:</h4>
<ul class="standard">
<li>Request URL: https://bambooxxxxxx/500.action</li>
<li>Scheme: https</li>
<li>Server: bamboo-corp.ews.int</li>
<li>Port: 443</li>
<li>URI: /500.action</li>
<li>Context path: </li>
<li>Servlet path: /500.action</li>
<li>Path info: </li>
<li>Query string: </li>
</ul>
<p>
<b>Stack Trace:</b>
java.lang.IllegalStateException: XSRF: A mutative operation was attempted on InternalMembership within a non-mutative HTTP request: https://bambooxxxxx/rest/api/latest/deploy/ : [null]->
->[[386695185, 328237456, GROUP_USER, GROUP, KeyLight_Access, keylight_access, , 2021-01-21 11:20:59.162, com.atlassian.crowd.model.directory.DirectoryImpl$HibernateProxy$xJR7flyF@4db106e7[lowerName=crowd repository,description=
This seems to be related to an XSRF bug that has by chance just been fixed and published in Bamboo 7.2.2 yesterday:
If you are unable to upgrade to Bamboo 7.2.2 right away, the issue lists two workarounds:
Workaround 1
Use Personal Access Tokens to authenticate with the API instead:
Workaround 2
Log in as the user via the UI so that updates are performed. REST calls will now work until there's another change to the user or their group membership.
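Added example, not part of the original answer and not Atlassian's code: a shell sketch of Workaround 1 that sends a personal access token as a Bearer header instead of -u username:password, and checks the response for the XSRF stack trace shown in the question. The function names and the BAMBOO_URL and BAMBOO_TOKEN environment variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example. BAMBOO_URL (e.g. https://bamboo.example.com) and BAMBOO_TOKEN
# are assumed environment variables; all function names are hypothetical.

# Constructed sample: the relevant fragment of the error page from the question.
SAMPLE_XSRF_BODY='<b>Stack Trace:</b>
java.lang.IllegalStateException: XSRF: A mutative operation was attempted on InternalMembership within a non-mutative HTTP request'

# Return 0 if a response body carries the XSRF IllegalStateException, else 1.
is_xsrf_error() {
    printf '%s' "$1" | grep -qF 'IllegalStateException: XSRF: A mutative operation was attempted'
}

# Emit a curl config line holding the token header. Feeding it to curl on
# stdin keeps the token out of the process argument list.
pat_config() {
    printf 'header = "Authorization: Bearer %s"' "$1"
}

# GET a REST path with the token.
# $1 = path such as /rest/api/latest/deploy/project/all
# Returns 0 and prints the body, 1 on the XSRF error page, 2 on a curl failure.
bamboo_get() {
    body=$(pat_config "$BAMBOO_TOKEN" |
        curl -sS --config - -H 'Accept: application/json' "${BAMBOO_URL}$1") || return 2
    if is_xsrf_error "$body"; then
        echo "Bamboo returned the XSRF error page for $1" >&2
        return 1
    fi
    printf '%s\n' "$body"
}
```

With both variables exported, `bamboo_get /rest/api/latest/deploy/project/all` repeats the request from the question using the token.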