Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

XSRF Check failed during POST to Bamboo API

I am trying to develop an interface to the Bamboo API and all GET requests are working but when I try to make a POST to trigger a deployment I get a 403 error response with the message "XSRF check failed."

I have tried turning off the Enable XSRF Protection option in Bamboo security settings and restarting the Bamboo service, but that change has had no effect. (per the instructions in this article:\).

Why does that setting in Bamboo have no effect?  

1 answer

1 accepted

0 votes
Answer accepted

Hello @Jeremy Skinner welcome to the community! 

Did you try to add either `X-Atlassian-Token: no-check` or `Content-type: application/json` to these requests?

Did adding those help?

I did try adding both of those headers but the issue persisted.  I'm trying to make the request through a browser application (Angular), and it is my understanding that the browser removes the arbitrary Atlassian headers. 


I'd like to understand why changing the setting in Bamboo does not resolve the issue.  According to the confluence article I referenced that should have removed the XSRF requirement.

Ok, I think I overlooked that you mentioned "develop an interface", I thought you were executing simple REST calls. You are actually making these requests from the browser and having "Additional XSRF checks..." error, correct?

If so, what is happening is that the CORS filter blocking requests from a different domain (your application is definitely not on the same domain as Bamboo).

To fix that, you need to configure Tomcat to handle these connections from a different domain, you can find more details here. Also, Tomcat documentation.

Please let me know if that helped you.

That makes sense, I already had to set up some filtering just to get the GET requests to pass through CORS.  Then I ran into this issue again when I tried to send a POST.


In any case my application ended up needing some more back end functionality so I've created a .NET Core app that my UI connects to, and I can send the Bamboo requests from the back end with no issue.  


Thanks for your help!

Like Victor Debone likes this

Glad to help :)

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Bamboo

Bamboo Data Center 8.1 is now available

G’day Bamboo customers, Bamboo DC 8.1 is now available with it the following features and programs: SAML 2.0, OpenID Connect, and Crowd SSO In order to help admins with a simplified user manage...

217 views 0 4
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you