After Bamboo v6.10.2 upgrade, XSRF errors when trying to view all deployment projects


Upgraded Bamboo from 6.4.1 to 6.10.2 

Carried over params from the previous server.xml file. No changes were made to the proxy/Apache server. Nothing really changed in the config files from the previous version. Not sure why only the view all deployment projects page is affected; everything else seems to be ok.

Everything looks ok except when trying to access Deploy > All Deployment Projects ... we get two pop-ups. 
First -  An unexpected error has occurred, Please try reloading page

Second - Background page refresh cannot contact server. Please ensure Bamboo server is available.

In the logs we see the following:

2019-12-09 15:31:36,740 INFO [https-jsse-nio-8085-exec-22] [AccessLogFilter] xaxg066 POST https://bamboo.grainger.com:5443/rest/api/latest/deploy/dashboard/status 7589620kb

2019-12-09 15:31:36,742 WARN [https-jsse-nio-8085-exec-22] [XsrfResourceFilter] Additional XSRF checks failed for request: https://bamboo.grainger.com:5443/rest/api/latest/deploy/dashboard/status , origin: https://bamboo.grainger.com , referrer: https://bamboo.grainger.com/deploy/viewAllDeploymentProjects.action , credentials in request: true , allowed via CORS: false

 

We have a work-around by adding the proxy port (5443) to the url - example

What doesn’t work anymore:  https://bamboo.grainger.com/deploy/viewAllDeploymentProjects.action

 

Work-around:  https://bamboo.grainger.com:5443/deploy/viewAllDeploymentProjects.action

 

server.xml

 <!-- Reverse proxy listening port -->
<Connector port="8085"
maxThreads="150"
minSpareThreads="25"
connectionTimeout="20000"
enableLookups="false"
maxHttpHeaderSize="8192"
protocol="HTTP/1.1"
useBodyEncodingForURI="true"
redirectPort="5443"
acceptCount="100"
disableUploadTimeout="true"
compression="on"
compressableMimeType="text/html,text/xml,text/plain,text/css,application/json,application/javascript,application/x-javascript"
SSLEnabled="true"
secure="true"
scheme="https"
proxyName="bamboo.grainger.com"
proxyPort="5443"
sslProtocol="TLSv1.2"
sslEnabledProtocols="TLSv1.1,TLSv1.2"
keystoreType="PKCS12"
keystoreFile="########.p12"
keystorePass="#########"
ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"
/>

 

2 answers

In case anyone else is here from Google, I too ran smack into this upgrading to 6.10.4 (prior version I'm unsure - I had done multiple serial upgrades and didn't check the deploy page on each hop). My corporate security appliance shall remain nameless, but SSL terminates at the appliance, so Tomcat is getting http, but everything about Bamboo the app has to be fooled into thinking it's https.

What I had to do to get this working was Admin > General Configuration > Base URL: https://bamboo.my.co/bamboo

 

Tomcat connector config:  scheme="https" proxyName="bamboo.my.co" proxyPort="" secure="true"

That "" is not a mistake.   

 

This config finally allowed that deploy page to finally compose the same origin and referrer URLs.     

 

Prior to this upgrade, the Tomcat config was simply (and, I guess wrongly) proxyName="bamboo.my.co" proxyPort="443"

Shouldn't proxyPort="5443" be 443 in your server.xml?
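The origin comparison behind the WARN line in the question, as an added example (not from the original posts and not Bamboo's own code): it parses that log line, reports which origin component differs between the server-side request URL and the browser's Origin/Referer, and then checks the two proxyPort values discussed above. `diagnose` and `composed_base` are hypothetical helpers; `composed_base` is a simplified model that assumes the server builds its own URL from scheme, proxyName and proxyPort and omits the port only when it is the scheme's default.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# WARN line quoted in the question above (timestamp and thread name trimmed).
LOG_LINE = (
    "WARN [XsrfResourceFilter] Additional XSRF checks failed for request: "
    "https://bamboo.grainger.com:5443/rest/api/latest/deploy/dashboard/status , "
    "origin: https://bamboo.grainger.com , "
    "referrer: https://bamboo.grainger.com/deploy/viewAllDeploymentProjects.action , "
    "credentials in request: true , allowed via CORS: false"
)

XSRF_WARN = re.compile(
    r"XSRF checks failed for request: (?P<request>\S+) , "
    r"origin: (?P<origin>\S+) , referrer: (?P<referrer>\S+) ,"
)

def origin_of(url):
    """(scheme, host, port) of a URL, with the scheme's default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return (scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme))

def diagnose(line):
    """Return {header: [differing origin components]} for one WARN line, or None."""
    m = XSRF_WARN.search(line)
    if m is None:
        return None
    server_side = origin_of(m["request"])
    report = {}
    for header in ("origin", "referrer"):
        sent = origin_of(m[header])
        report[header] = [name for name, a, b in
                          zip(("scheme", "host", "port"), server_side, sent) if a != b]
    return report

def composed_base(scheme, proxy_name, proxy_port):
    """Simplified model (assumption): port omitted only when it is the scheme's default."""
    if proxy_port == DEFAULT_PORTS.get(scheme):
        return f"{scheme}://{proxy_name}"
    return f"{scheme}://{proxy_name}:{proxy_port}"

if __name__ == "__main__":
    print(diagnose(LOG_LINE))
    for port in (5443, 443):
        base = composed_base("https", "bamboo.grainger.com", port)
        print(port, base, origin_of(base) == origin_of("https://bamboo.grainger.com"))
```

Only the port differs in the logged request: the browser sends an origin on the default HTTPS port while the server-side URL carries 5443, which is also why the `:5443` work-around URL passes the check.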
