Forbidden - CSRF header not found in request with bitbucket and tekton trigger with webhooks

anandjaisy September 27, 2023

I have set up the Tekton Trigger to auto-run the pipeline when certain code is pushed to the bitbucket repository.

 

apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
  name: bitbucket-listener
  namespace: fetebird-common
spec:
  serviceAccountName: tekton-triggers-example-sa
  triggers:
    - name: bitbucket-triggers
      interceptors:
        - ref:
            name: "bitbucket"
          params:
            - name: secretRef
              value:
                secretName: git-ssh-key-secret
                secretKey: ssh-privatekey
            - name: eventTypes
              value:
                - repo:refs_changed
      bindings:
        - ref: bitbucket-trigger-binding
      template:
        ref: bitbucket-trigger-template

 

 

<image removed to protect privacy>

 

The details of the webhook

 

<image removed to protect privacy>

 

Error Forbidden - CSRF header not found in the request using the FREE trial version

1 answer

0 votes
Ben
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 27, 2023

Hi Anand,

Thought I would jump in here as you have not received a response yet from our Community.

Based on the webhooks log you have provided - I can see that the error is being returned by Tekton itself and seems to indicate that the headers being sent by Webhooks are not considered valid by Tekton.

We do not have explicit knowledge of Tekton as it is a third-party platform, however - based on Tekton's documentation, I can see that it has a webhooks interceptor specifically made for this purpose: https://tekton.dev/vault/triggers-v0.6.1/eventlisteners/#webhook-interceptors

Additionally, I notice that you are mentioning secrets in your YML configuration - at present, Webhooks does not support secrets although a feature request has been logged to track this with our development team:

Here is an example Webhooks header - Tekton will need to be configured to accept a header such as this, otherwise, it is likely that you will continue to encounter this issue:

Headers
connection Keep-Alive
content-length 8668
x-forwarded-server personal.webhooks
x-forwarded-host personal.webhooks
x-forwarded-for 18.246.31.226
accept */*
x-b3-sampled 1
x-b3-spanid aa8d4ce456223054
x-b3-traceid aa8d4ce456223054
content-type application/json
x-request-uuid a448af67-3068-4f20-bc32-2325a2edcf92
x-attempt-number 1
user-agent Bitbucket-Webhooks/2.0
x-event-time Thu, 28 Sep 2023 12:27:26 GMT
x-hook-uuid b956df39-eeb6-4fb0-8c0b-146d2c2131a5
x-event-key repo:push
host personal.webhooks

If you still encounter issues - I would suggest reaching out to the Tekton community for further assistance with configuring their platform-specific webhooks interceptor:
https://tekton.dev/community/

Hope this helps steer you in the right direction.

Cheers!

- Ben (Bitbucket Cloud Support)

anandjaisy October 3, 2023

@Ben Any idea what is the webhook URL for tekton, I have put http://34.173.33.220/v1/webhooks/bitbucket where 34.173.33.220 is Kubernetes public IP address

Ben
Atlassian Team
October 3, 2023

Hi @anandjaisy 

Unfortunately, our knowledge is limited to how Bitbucket Webhooks sends events and the payload associated with them. Anything past that on the third-party side we would not be able to advise on, I would suggest contacting the Tekton community for this question.

Cheers!

- Ben (Bitbucket Cloud Support)

anandjaisy October 17, 2023

@Ben 

Now facing however bitbucket said 202

 

{"severity":"error","timestamp":"2023-10-17T11:56:04.801Z","logger":"eventlistener","caller":"sink/validate_payload.go:42","message":"Invalid event body format : unexpected end of JSON input","commit":"9498e02-dirty"}
{"severity":"error","timestamp":"2023-10-17T11:56:32.548Z","logger":"eventlistener","caller":"sink/sink.go:438","message":"failed to ApplyEventValuesToParams: failed to replace JSONPath value for param gitrepositoryurl: $(body.repository.links.clone[0].href): clone is not found","commit":"9498e02-dirty","eventlistener":"bitbucket-listener","namespace":"fetebird-common","/triggers-eventid":"271a3671-a099-486d-9148-a05a1e6d7b47","eventlistenerUID":"199c84c0-1789-4784-8eba-55374a974e47","/triggers-eventid":"271a3671-a099-486d-9148-a05a1e6d7b47","/trigger":"bitbucket-triggers"}
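
Both EventListener errors in the log above (an unparseable body, and a binding path that does not exist in the payload) can be checked offline against a saved webhook body before pointing the webhook at the listener. The following is an added example, not code from this thread or from Tekton: a minimal resolver that handles only dotted keys and `[n]` indexes, a simplification of Tekton's JSONPath. The function names `check_binding` and `describe` and the sample bodies are hypothetical and constructed for illustration.

```python
import json
import re

# One path segment: a key, optionally followed by an [index].
_SEGMENT = re.compile(r"^([^\[\]]+)(?:\[(\d+)\])?$")

EXPR = "$(body.repository.links.clone[0].href)"  # expression from the log above

# Constructed sample bodies (assumptions, not captured from Bitbucket).
WITH_CLONE = (b'{"repository": {"links": {"clone": '
              b'[{"href": "https://git.example.invalid/demo/app.git"}]}}}')
WITHOUT_CLONE = (b'{"repository": {"links": {"html": '
                 b'{"href": "https://git.example.invalid/demo/app"}}}}')


def check_binding(raw_body, expression):
    """Resolve a $(body.a.b[0].c) expression; raise ValueError on failure."""
    if not raw_body.strip():
        raise ValueError("empty body is not valid JSON")
    try:
        node = json.loads(raw_body)
    except json.JSONDecodeError as exc:
        raise ValueError(f"invalid JSON body: {exc.msg}") from exc
    inner = expression.strip()
    if not (inner.startswith("$(body") and inner.endswith(")")):
        raise ValueError("only $(body...) expressions are handled")
    for part in inner[2:-1].split(".")[1:]:
        match = _SEGMENT.match(part)
        if not match:
            raise ValueError(f"unsupported segment: {part}")
        key, index = match.group(1), match.group(2)
        if not isinstance(node, dict) or key not in node:
            raise ValueError(f"{key} is not found")
        node = node[key]
        if index is not None:
            if not isinstance(node, list) or int(index) >= len(node):
                raise ValueError(f"{key}[{index}] is not found")
            node = node[int(index)]
    return node


def describe(raw_body, expression=EXPR):
    """Return 'ok: <value>' or 'error: <reason>' for one body."""
    try:
        return f"ok: {check_binding(raw_body, expression)}"
    except ValueError as exc:
        return f"error: {exc}"


if __name__ == "__main__":
    for body in (WITH_CLONE, WITHOUT_CLONE, b""):
        print(describe(body))
```

Running it against the body recorded in the webhook's request history shows whether each TriggerBinding expression resolves for the event type that is actually being delivered.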
