Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

XSRF Check failed during POST to Bamboo API

I am trying to develop an interface to the Bamboo API and all GET requests are working but when I try to make a POST to trigger a deployment I get a 403 error response with the message "XSRF check failed."

I have tried turning off the Enable XSRF Protection option in Bamboo security settings and restarting the Bamboo service, but that change has had no effect. (per the instructions in this article:\).

Why does that setting in Bamboo have no effect?  

1 answer

1 accepted

0 votes
Answer accepted

Hello @Jeremy Skinner welcome to the community! 

Did you try to add either `X-Atlassian-Token: no-check` or `Content-type: application/json` to these requests?

Did adding those help?

I did try adding both of those headers but the issue persisted.  I'm trying to make the request through a browser application (Angular), and it is my understanding that the browser removes the arbitrary Atlassian headers. 


I'd like to understand why changing the setting in Bamboo does not resolve the issue.  According to the confluence article I referenced that should have removed the XSRF requirement.

Ok, I think I overlooked that you mentioned "develop an interface", I thought you were executing simple REST calls. You are actually making these requests from the browser and having "Additional XSRF checks..." error, correct?

If so, what is happening is that the CORS filter blocking requests from a different domain (your application is definitely not on the same domain as Bamboo).

To fix that, you need to configure Tomcat to handle these connections from a different domain, you can find more details here. Also, Tomcat documentation.

Please let me know if that helped you.

That makes sense, I already had to set up some filtering just to get the GET requests to pass through CORS.  Then I ran into this issue again when I tried to send a POST.


In any case my application ended up needing some more back end functionality so I've created a .NET Core app that my UI connects to, and I can send the Bamboo requests from the back end with no issue.  


Thanks for your help!

Like Victor Debone likes this

Glad to help :)

Suggest an answer

Log in or Sign up to answer

Atlassian Community Events