I keep getting these 'XSRF Security Token' errors in stash. They usually appear in sessions that have been around a while (maybe an hour or so). Refreshing the browser will take care of it, but it might come back on the next operation. Loggin out and logging in again seems to fix it for a while. Our Stash instance is using a Jira external directory for the user directory. What would be causing this? How can I fix the configuration to keep this from happening?
Stash currently protects all of its form submissions submissions from Cross-site request forgery by generating a secret token per-user and includes it in the form submission. This token is separate from the authentication mechanism used or the user directory strategy. This token expires a lot quicker than the user session.
If you do see the operation failure warning due to an expired XSRF protection all that is required is hit the 'Retry Operation' and your form submission should suceed and all subsequent forms should use the new token. Futhermore, you should only see this error if you leave a form sitting around for a while without submitting it.
This is all part of Stash's normal functionality.
Actually I discovered the problem. It was that I was running multiple atlassian applications on the same server, using the same hostname, which was causing the apps to step on each other's cookies. I changed it to have each app run under it's own DNS name, through an BigIP f5 switch, and it is working.
This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.Read more
Bitbucket Pipelines helps me manage and automate a number of serverless deployments to AWS Lambda and this is how I do it. I'm building Node.js Lambda functions using node-lambda ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs