Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
badges earned

Your Points Tracker
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

XSRF Check failed during POST to Bamboo API

I am trying to develop an interface to the Bamboo API and all GET requests are working but when I try to make a POST to trigger a deployment I get a 403 error response with the message "XSRF check failed."

I have tried turning off the Enable XSRF Protection option in Bamboo security settings and restarting the Bamboo service, but that change has had no effect. (per the instructions in this article:\).

Why does that setting in Bamboo have no effect?  

1 answer

1 accepted

0 votes
Answer accepted

Hello @Jeremy Skinner welcome to the community! 

Did you try to add either `X-Atlassian-Token: no-check` or `Content-type: application/json` to these requests?

Did adding those help?

I did try adding both of those headers but the issue persisted.  I'm trying to make the request through a browser application (Angular), and it is my understanding that the browser removes the arbitrary Atlassian headers. 


I'd like to understand why changing the setting in Bamboo does not resolve the issue.  According to the confluence article I referenced that should have removed the XSRF requirement.

Ok, I think I overlooked that you mentioned "develop an interface", I thought you were executing simple REST calls. You are actually making these requests from the browser and having "Additional XSRF checks..." error, correct?

If so, what is happening is that the CORS filter blocking requests from a different domain (your application is definitely not on the same domain as Bamboo).

To fix that, you need to configure Tomcat to handle these connections from a different domain, you can find more details here. Also, Tomcat documentation.

Please let me know if that helped you.

That makes sense, I already had to set up some filtering just to get the GET requests to pass through CORS.  Then I ran into this issue again when I tried to send a POST.


In any case my application ended up needing some more back end functionality so I've created a .NET Core app that my UI connects to, and I can send the Bamboo requests from the back end with no issue.  


Thanks for your help!

Like Victor Debone likes this

Glad to help :)

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Bamboo

Bamboo Data Center - Early Access Program

G’day Bamboo customers, The wait is almost over! We are in the final stages of work on the first release of Bamboo Data Center, our self-managed enterprise offering of Bamboo. This Data Center offe...

945 views 0 16
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you