Hi,
we have a python script that recursively checks all projects/repositories for a checked "allow forks" setting.
The get request works without any problem.
But when we try to switch off "allow forks" with a post request an error "XSRF Security Token Missing" occurs.
For debugging purposes we crosschecked this behaviour using curl. Same problem here.
Our curl command (servername removed):
curl -vs --insecure -H "Content-Type: application/json" -H "X-Atlassian-Token: no-check" -X POST -d '{"name":"bitbucket","forkable":"off"}' https://servername.domain.de:8443/projects/XXX/repos/bitbucket/settingsOutput (security relevant information removed)
About to connect() to servername.domain.de port 8443 (#0)
Trying ip_here...
Connected to servername.domain.de (ip_here) port 8443 (#0)
Initializing NSS with certpath: sql:/etc/pki/nssdb
skipping SSL peer certificate verification
SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Server certificate: **removed**
POST /projects/XXX/repos/bitbucket/settings HTTP/1.1
User-Agent: curl/7.29.0
Host: servername.domain.de:8443
Accept: */*
Content-Type: application/json
X-Atlassian-Token: no-check
Content-Length: 37
and lots of HTML output containing the error "XSRF Security Token Missing" somewhere inside.
We also tried passing the -u 'username' parameter and the password along woth the curl command - same result.
All the documentation found in the web results in using the
X-Atlassian-Token: no-check
in the header information. It doesn'n matter if I use nocheck or no-check.
Any idea how to solve this?
Thanks & regards
Peter
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.