Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,300,025
Community Members
 
Community Events
165
Community Groups

Bitbucket Push Webhook fails invoking REST endpoint - XSRF check failed

I created a "Push" webhook in Bitbucket and when I try testing the URL, I come back with this error.

When I test the connection with the details below.  the test fails with "XSRF check failed" message.

However, when I have the REST service deployed on my local tomcat instance, such as - http://localhost:8080/bb_v1/api/webhook/postcommit, the call works.

Failure scenario

URL - http://machinename:7990/rest/v1_4_bb/1.1/webhook/postcommit

Request details

Event type:

Test connection event

URL endpoint:

http://machinename:7990/rest/v1_4_bb/1.1/webhook/postcommit

Headers

X-Request-Id: fd3c22ca-23b3-486a-9ad5-a1f5c5f5b4f1
X-Event-Key: diagnostics:ping

Body

No body

Response details

HTTP status:

403

Headers

X-AREQUESTID: @15H2BMUx691x42x1
Transfer-Encoding: chunked
X-ASEN: SEN-L9863425
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Date: Mon, 12 Mar 2018 15:31:23 GMT
Via: 1.1 localhost (Apache-HttpClient/4.4.1 (cache))
Content-Type: text/html

Body

XSRF check failed

 

 

2 answers

Bitbucket sends the requests. What service receives this request? It it is an Atlassian product like Atlassian Bamboo, the solution is described here:

https://confluence.atlassian.com/cloudkb/xsrf-check-failed-when-calling-cloud-apis-826874382.html

You need to add a additional Header. 

    X-Atlassian-Token: no-check

I would expect BitBucket sets such a header by default. Is it possible, you have some old version or some proxy server in between?

Alternately - in case of Bamboo - you can disable the XSRF protection in Security Settings. 

0 votes
Rodrigo M Atlassian Team Apr 19, 2018

Hey Shivaarava

 

Usually XSRF check failed errors are related to proxy configuration.

Can you please take a look at the Cross Site Request Forgery (CSRF) protection changes in Atlassian REST and try the resolutions mentioned on that article?

 

Regards!

Rodrigo.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bitbucket

Git push size limits are coming to Bitbucket Cloud starting April 4th, 2022

Beginning on April 4th, we will be implementing push limits. This means that your push cannot be completed if it is over 3.5 GB. If you do attempt to complete a push that is over 3.5 GB, it will fail...

2,255 views 2 9
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you