https://confluence.atlassian.com/bitbucketserverkb/xsrf-security-token-missing-779171343.html describes my problem pretty well, but none of the solutions are working.
This is a three-node Bitbucket Data Center system, behind a Netscaler load balancer, and the BITBUCKETSESSIONID cookie is getting set -- that I can see with the browser's tools.
Lines like this appear in the atlassian-bitbucket.log files:
2020-12-02 11:53:10,497 WARN [http-nio-7990-exec-1] admin @BL40E5x713x8x3 1d7b6ia 10.82.0.10 "POST /rest/analytics/1.0/publish/bulk HTTP/1.1" c.a.p.r.c.s.j.XsrfResourceFilter Additional XSRF checks failed for request: http://cigfsgit.runwaynine.com:443/rest/analytics/1.0/publish/bulk , origin: https://cigfsgit.runwaynine.com , referrer: https://cigfsgit.runwaynine.com/admin , credentials in request: true , allowed via CORS: false
The load balancer is redirecting HTTP requests to HTTPS, the secure attribute isn't set in bitbucket.properties, and this is a new installation, so there's no "jvmRoute" set.
that looks like a typo to me - check both the Base URL you configured in the Bitbucket Server admin UI, as well as your settings for server.scheme in bitbucket.properties, which should be set to https, and server.secure needs to be set to true.
Premier Support Engineer
Hey Community! We’re willing to wager that quite a few of you not only use Bitbucket, but administer it too. Our team is excited to share that we’ll be releasing improvements throughout this month of...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events