Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Jira core connection going to Crowd application link fails with XSRF Security Token Missing Edited

Hi, All

Seeking for your help on how to resolve this kind of scenario error when i am trying to connect my Jira core application going to Crowd using application links it fails. Setup of my UAT server is Jira core, service desk and Crowd running in the same VM machine but different DB and different port number i'm using. My Confluence is in different Vm machine. Both Jira core, service desk and Confluence have no issue with regards in integrating and application links. But when i am trying to link my jira core to Crowd same as Confluence i got an network error connection fails.

Below are the version i am using for my UAT server, Where planning to go live this coming 3rd week of Feb 2019. 

MS SQL server 2012 standard

Jira core - 7.12.0

Jira service desk - 3.15.0

Confluence 6.12.2

Crowd 3.3.3 - Apache tomcat/8.5.34

In jira side the connection is ok, when i trying to remote my Crowd and put the URL of my Jira apps in application links i got this error.

XSRF Security Token Missing

We could not complete this action due to a missing form token.

You may have cleared your browser cookies, which could have resulted in the expiry of your current form token. A new form token has been reissued.

 

When i trying to retry this is the result.

 

HTTP Status 405 – Method Not Allowed


Type Status Report

Message HTTP method POST is not supported by this URL

Description The method received in the request-line is known by the origin server but not supported by the target resource.


Apache Tomcat/8.5.34

Hope i got a good feedback or troubleshooting on how to resolve this error.

Thanks,

Philip

 

1 answer

Hi @Philip Arcilla

Regarding the application link fails with XSRF Security Token Missing issue has been discussed in the following community ticket. Can you please have look into it, this will helpful to you.

Regards,

Yoga

Thanks for your response @Yoganand Reddy _Appfire_. I've read the community ticket with the same issue/error encounter. Honestly this is my first time handling Jira server. 

Base to Branden 

"This can happen if there is a proxy configured in front of the server using HTTP Basic Authentication (mod_auth_basic) due to the fact that versions 2.10+ don't support sessions for HTTP basic authentication.  We explicitly invalidate the HTTP session at the end of every request which uses basic authentication for scalability since we don't want Tomcat holding a possibly large amount of sessions that were created having serving only one request. As a result, anything which relies on sessions to work (e.g. XSRF protection) will no longer work.  

A misconfiguration of the Tomcat connector can cause this. Specifically, if an insecure connector incorrectly contains the secure="true" attribute and value.

When running multiple Atlassian products on the same server using the same domain and only differentiating by port number. Java web applications identify your session by setting a cookie in your browser. This cookie is bound to the hostname and path that each application is deployed to, but ignores the port. Applications that reside at URLs where only the port is different may unintentionally overwrite each other's session information, resulting in lost sessions."

Yeah my Jira core/Service Desk and Crowd is running in the same VM server machine, It is OK to run both core and crowd run in the same machine, same domain and hostname/IP but different port number i'am using for Jira core port 8080 and for my Crowd 8095 but same hostname. Can you also me help me how can i do that this solution no. 2 coming for the article. Sorry i am not much familiar in Jira, Hope you can send me a guide or sample screenshot to resolve this error.

Option #2

  1. Stop Stash.
  2. Remove the secure="true" attribute and value from: $STASH_HOME/shared/server.xml 
  3. Start Stash

Thank you for the above information.

Thanks,

PhilipA

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Asked in Jira Service Desk

Calling all Insight users, we need your help!

Hello Insight users,  As part of our (Mindville's) acquisition by Atlassian, our training team is looking to build some new Insight training materials. It would really helpful if you can ...

102 views 1 0
View question

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you