Hi,
we have a python script that recursively checks all projects/repositories for a checked "allow forks" setting.
The get request works without any problem.
But when we try to switch off "allow forks" with a post request an error "XSRF Security Token Missing" occurs.
For debugging purposes we crosschecked this behaviour using curl. Same problem here.
Our curl command (servername removed):
curl -vs --insecure -H "Content-Type: application/json" -H "X-Atlassian-Token: no-check" -X POST -d '{"name":"bitbucket","forkable":"off"}' https://servername.domain.de:8443/projects/XXX/repos/bitbucket/settings
Output (security relevant information removed)
About to connect() to servername.domain.de port 8443 (#0)
Trying ip_here...
Connected to servername.domain.de (ip_here) port 8443 (#0)
Initializing NSS with certpath: sql:/etc/pki/nssdb
skipping SSL peer certificate verification
SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Server certificate: **removed**
POST /projects/XXX/repos/bitbucket/settings HTTP/1.1
User-Agent: curl/7.29.0
Host: servername.domain.de:8443
Accept: */*
Content-Type: application/json
X-Atlassian-Token: no-check
Content-Length: 37
and lots of HTML output containing the error "XSRF Security Token Missing" somewhere inside.
We also tried passing the -u 'username' parameter and the password along woth the curl command - same result.
All the documentation found in the web results in using the
X-Atlassian-Token: no-check
in the header information. It doesn'n matter if I use nocheck or no-check.
Any idea how to solve this?
Thanks & regards
Peter
Are you missing /rest/api/1.0 in your URL?
Hi Josh,
thanks for your hint. I already tried this
curl -vs --insecure -H "Content-Type: application/json" -H "X-Atlassian-Token: no-check" -H "Origin: https://SERVERNAME.tui.de:8443" -X POST -d '{"name":"bitbucket","forkable":"off"}' -u BITBUCKETUSER https://SERVERNAME:8443/rest/api/1.0/projects/SCM/repos/bitbucket/
I get the following error:
This repository URL is already taken by 'bitbucket' in 'Systemuser Bitbucket'"
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.