Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

XSRF Check failed during POST to Bamboo API

Jeremy Skinner May 17, 2019

I am trying to develop an interface to the Bamboo API and all GET requests are working but when I try to make a POST to trigger a deployment I get a 403 error response with the message "XSRF check failed."

I have tried turning off the Enable XSRF Protection option in Bamboo security settings and restarting the Bamboo service, but that change has had no effect. (per the instructions in this article: https://confluence.atlassian.com/bamboo/configuring-xsrf-protection-427624344.html\).

Why does that setting in Bamboo have no effect?  

1 answer

1 accepted

0 votes
Answer accepted
Victor Debone
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 20, 2019

Hello @Jeremy Skinner welcome to the community! 

Did you try to add either `X-Atlassian-Token: no-check` or `Content-type: application/json` to these requests?

Did adding those help?

Jeremy Skinner May 20, 2019

I did try adding both of those headers but the issue persisted.  I'm trying to make the request through a browser application (Angular), and it is my understanding that the browser removes the arbitrary Atlassian headers. 

 

I'd like to understand why changing the setting in Bamboo does not resolve the issue.  According to the confluence article I referenced that should have removed the XSRF requirement.

Victor Debone
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 21, 2019

Ok, I think I overlooked that you mentioned "develop an interface", I thought you were executing simple REST calls. You are actually making these requests from the browser and having "Additional XSRF checks..." error, correct?

If so, what is happening is that the CORS filter blocking requests from a different domain (your application is definitely not on the same domain as Bamboo).

To fix that, you need to configure Tomcat to handle these connections from a different domain, you can find more details here. Also, Tomcat documentation.

Please let me know if that helped you.

Jeremy Skinner May 23, 2019

That makes sense, I already had to set up some filtering just to get the GET requests to pass through CORS.  Then I ran into this issue again when I tried to send a POST.

 

In any case my application ended up needing some more back end functionality so I've created a .NET Core app that my UI connects to, and I can send the Bamboo requests from the back end with no issue.  

 

Thanks for your help!

Like Victor Debone likes this
Victor Debone
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 24, 2019

Glad to help :)

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events