Upgraded Bamboo from 6.4.1 to 6.10.2
Carried over parms from previous server.xml file. No changes were made to proxy/apache server. Nothing really changed in the config files from the previous version. Not sure why only the view all deployment projects page is affected, everything else seems to be ok.
Everything looks ok except when trying to access Deploy > All Deployment Projects ... we get two pop-ups.
First - An unexpected error has occurred, Please try reloading page
Second - Background page refresh cannot contact server. Please ensure Bamboo server is available.
In the logs we see the following:
2019-12-09 15:31:36,740 INFO [https-jsse-nio-8085-exec-22] [AccessLogFilter] xaxg066 POST https://bamboo.grainger.com:5443/rest/api/latest/deploy/dashboard/status 7589620kb
2019-12-09 15:31:36,742 WARN [https-jsse-nio-8085-exec-22] [XsrfResourceFilter] Additional XSRF checks failed for request: https://bamboo.grainger.com:5443/rest/api/latest/deploy/dashboard/status , origin: https://bamboo.grainger.com , referrer: https://bamboo.grainger.com/deploy/viewAllDeploymentProjects.action , credentials in request: true , allowed via CORS: false
We have a work-around by adding the proxy port (5443) to the url - example
What doesn’t work anymore: https://bamboo.grainger.com/deploy/viewAllDeploymentProjects.action
<!-- Reverse proxy listening port -->
In case anyone else is here from google, I too ran smack into this upgrading to 6.10.4 (prior version I'm unsure - I had done multiple serial upgrades and didn't check the deploy page on each hop). My corporate security appliance shall remain nameless, but SSL terminates at the appliance, so Tomcat is getting http, but everything about Bamboo the app, has to be fooled into thinking it's https.
What I had to do to get this working was Admin > General Configuration> Base URL: https://bamboo.my.co/bamboo
Tomcat connector config: scheme="https" proxyName="bamboo.my.co" proxyPort="" secure="true"
That "" is not a mistake.
This config finally allowed that deploy page to finally compose the same origin and referrer URLs.
Prior to this upgrade, the tomcat config was simply (and, I guess wrongly) proxyName="bamboo.my.co" proxyPort="443"
@Mike Curwen NL- Thank you! We have a similar setup (https terminating at the proxy; proxy talking to Bamboo over http) and encountered this problem when we upgraded from 6.9.2 to 6.10.6. (I suspect this was caused by the upgrade of the bundled Tomcat from 8.0 to 8.5, and the fact that we switched our proxying protocol from AJP to http, but that's just a guess)
We don't use Bamboo's built-in deployments, but for us, the problem manifested on the Manage apps page. Both the "Pause server" button and the "Update" buttons for all the individual plug-ins were broken (buttons would just pop up error messages, and not do anything else). Bamboo's app logs showed we were triggering XSRF problems. I added the four parameters you listed above to the <Connector> block for the http connection in our server.xml, restarted Bamboo, and the above errors went away -- add-on management is working normally for us again.
Thanks again for sharing your solution -- you saved me a *ton* of headaches.