I am trying to develop an interface to the Bamboo API and all GET requests are working but when I try to make a POST to trigger a deployment I get a 403 error response with the message "XSRF check failed."
I have tried turning off the Enable XSRF Protection option in Bamboo security settings and restarting the Bamboo service, but that change has had no effect. (per the instructions in this article: https://confluence.atlassian.com/bamboo/configuring-xsrf-protection-427624344.html\).
Why does that setting in Bamboo have no effect?
Hello @Jeremy Skinner welcome to the community!
Did you try to add either `X-Atlassian-Token: no-check` or `Content-type: application/json` to these requests?
Did adding those help?
I did try adding both of those headers but the issue persisted. I'm trying to make the request through a browser application (Angular), and it is my understanding that the browser removes the arbitrary Atlassian headers.
I'd like to understand why changing the setting in Bamboo does not resolve the issue. According to the confluence article I referenced that should have removed the XSRF requirement.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Ok, I think I overlooked that you mentioned "develop an interface", I thought you were executing simple REST calls. You are actually making these requests from the browser and having "Additional XSRF checks..." error, correct?
If so, what is happening is that the CORS filter blocking requests from a different domain (your application is definitely not on the same domain as Bamboo).
To fix that, you need to configure Tomcat to handle these connections from a different domain, you can find more details here. Also, Tomcat documentation.
Please let me know if that helped you.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
That makes sense, I already had to set up some filtering just to get the GET requests to pass through CORS. Then I ran into this issue again when I tried to send a POST.
In any case my application ended up needing some more back end functionality so I've created a .NET Core app that my UI connects to, and I can send the Bamboo requests from the back end with no issue.
Thanks for your help!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Glad to help :)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.