Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Jira core connection going to Crowd application link fails with XSRF Security Token Missing

Philip Arcilla January 22, 2019

Hi, All

Seeking for your help on how to resolve this kind of scenario error when i am trying to connect my Jira core application going to Crowd using application links it fails. Setup of my UAT server is Jira core, service desk and Crowd running in the same VM machine but different DB and different port number i'm using. My Confluence is in different Vm machine. Both Jira core, service desk and Confluence have no issue with regards in integrating and application links. But when i am trying to link my jira core to Crowd same as Confluence i got an network error connection fails.

Below are the version i am using for my UAT server, Where planning to go live this coming 3rd week of Feb 2019. 

MS SQL server 2012 standard

Jira core - 7.12.0

Jira service desk - 3.15.0

Confluence 6.12.2

Crowd 3.3.3 - Apache tomcat/8.5.34

In jira side the connection is ok, when i trying to remote my Crowd and put the URL of my Jira apps in application links i got this error.

XSRF Security Token Missing

We could not complete this action due to a missing form token.

You may have cleared your browser cookies, which could have resulted in the expiry of your current form token. A new form token has been reissued.


When i trying to retry this is the result.


HTTP Status 405 – Method Not Allowed

Type Status Report

Message HTTP method POST is not supported by this URL

Description The method received in the request-line is known by the origin server but not supported by the target resource.

Apache Tomcat/8.5.34

Hope i got a good feedback or troubleshooting on how to resolve this error.




1 answer

0 votes
Yoga Reddy {Appfire}
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 26, 2019

Hi @Philip Arcilla

Regarding the application link fails with XSRF Security Token Missing issue has been discussed in the following community ticket. Can you please have look into it, this will helpful to you.



Philip Arcilla January 26, 2019

Thanks for your response @Yoga Reddy {Appfire}. I've read the community ticket with the same issue/error encounter. Honestly this is my first time handling Jira server. 

Base to Branden 

"This can happen if there is a proxy configured in front of the server using HTTP Basic Authentication (mod_auth_basic) due to the fact that versions 2.10+ don't support sessions for HTTP basic authentication.  We explicitly invalidate the HTTP session at the end of every request which uses basic authentication for scalability since we don't want Tomcat holding a possibly large amount of sessions that were created having serving only one request. As a result, anything which relies on sessions to work (e.g. XSRF protection) will no longer work.  

A misconfiguration of the Tomcat connector can cause this. Specifically, if an insecure connector incorrectly contains the secure="true" attribute and value.

When running multiple Atlassian products on the same server using the same domain and only differentiating by port number. Java web applications identify your session by setting a cookie in your browser. This cookie is bound to the hostname and path that each application is deployed to, but ignores the port. Applications that reside at URLs where only the port is different may unintentionally overwrite each other's session information, resulting in lost sessions."

Yeah my Jira core/Service Desk and Crowd is running in the same VM server machine, It is OK to run both core and crowd run in the same machine, same domain and hostname/IP but different port number i'am using for Jira core port 8080 and for my Crowd 8095 but same hostname. Can you also me help me how can i do that this solution no. 2 coming for the article. Sorry i am not much familiar in Jira, Hope you can send me a guide or sample screenshot to resolve this error.

Option #2

  1. Stop Stash.
  2. Remove the secure="true" attribute and value from: $STASH_HOME/shared/server.xml 
  3. Start Stash

Thank you for the above information.



Suggest an answer

Log in or Sign up to answer
AUG Leaders

Atlassian Community Events