Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Cannot add SSH Keys - XSRF Security Token Missing Edited

I can create projects, but I cannot add access keys to projects, or ssh keys to people.

I've already gone through all 6 options here: https://confluence.atlassian.com/bitbucketserverkb/xsrf-security-token-missing-779171343.html

I can recreate the error when I bypass my proxy (eliminating #1).

I can recreate the error when I set 'server.secure=false', or simply remove 'server.secure=' from bitbucket.properties. (eliminating #2).

I am not running any other applications on the same URL path (eliminating #3).

I am not using Bitbucket Data Center (eliminating #4).

I am starting with https, and continuing with https on all requests (eliminating #5).

I never had a jvmRoute property, nor can I find any cluster.node.name property in any file (eliminating #6).

I've tried adding x-atlassian-token: no-check as a header with haproxy, and that didn't work.

I've tried looking for any way to disable xsrf security token checking on bitbucket, but there doesn't seem to be any option for it.

I've looked at all the logs, and don't see any xsrf related information anywhere.

On the first "add key", the URL seems the same.

When I click "Retry Operation", the URL changes to /mvc/xsrfNotification

When I click "Retry Operation" again, the URL changes to /mvc/null

UPDATE

I went so far as to decompile and edit the HttpSessionXsrfTokenGenerator class, and force hasValidToken to always return true:

public boolean hasValidToken(HttpServletRequest request) {
return true;
}

Despite this hard-forced override of any valid token check, I'm *still* getting:

XSRF Security Token Missing

Something tells me there's a deeper problem here than what the error message says.

UPDATE 2

When I manually hack the sal-core-4.4.0.jar, and com/atlassian/sal/core/xsrf/IndependentXsrfTokenValidator.java, I can disable the check and it works.  I haven't been able to trace exactly why it's failing there for adding ssh keys.

0 answers

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
SERVER
VERSION
7.6
TAGS
Community showcase
Published in Bitbucket

Powering DevOps with Bitbucket Server & Data Center

Hi everyone, The Cloud team recently announced 12 new DevOps features that help developers ship better code, faster   ! While we’re all excited about the new improvements to Bitbucket ...

1,878 views 0 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you