Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
badges earned

Your Points Tracker
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Jira core connection going to Crowd application link fails with XSRF Security Token Missing Edited

Hi, All

Seeking for your help on how to resolve this kind of scenario error when i am trying to connect my Jira core application going to Crowd using application links it fails. Setup of my UAT server is Jira core, service desk and Crowd running in the same VM machine but different DB and different port number i'm using. My Confluence is in different Vm machine. Both Jira core, service desk and Confluence have no issue with regards in integrating and application links. But when i am trying to link my jira core to Crowd same as Confluence i got an network error connection fails.

Below are the version i am using for my UAT server, Where planning to go live this coming 3rd week of Feb 2019. 

MS SQL server 2012 standard

Jira core - 7.12.0

Jira service desk - 3.15.0

Confluence 6.12.2

Crowd 3.3.3 - Apache tomcat/8.5.34

In jira side the connection is ok, when i trying to remote my Crowd and put the URL of my Jira apps in application links i got this error.

XSRF Security Token Missing

We could not complete this action due to a missing form token.

You may have cleared your browser cookies, which could have resulted in the expiry of your current form token. A new form token has been reissued.


When i trying to retry this is the result.


HTTP Status 405 – Method Not Allowed

Type Status Report

Message HTTP method POST is not supported by this URL

Description The method received in the request-line is known by the origin server but not supported by the target resource.

Apache Tomcat/8.5.34

Hope i got a good feedback or troubleshooting on how to resolve this error.




1 answer

Hi @Philip Arcilla

Regarding the application link fails with XSRF Security Token Missing issue has been discussed in the following community ticket. Can you please have look into it, this will helpful to you.



Thanks for your response @Yoganand Reddy (Appfire). I've read the community ticket with the same issue/error encounter. Honestly this is my first time handling Jira server. 

Base to Branden 

"This can happen if there is a proxy configured in front of the server using HTTP Basic Authentication (mod_auth_basic) due to the fact that versions 2.10+ don't support sessions for HTTP basic authentication.  We explicitly invalidate the HTTP session at the end of every request which uses basic authentication for scalability since we don't want Tomcat holding a possibly large amount of sessions that were created having serving only one request. As a result, anything which relies on sessions to work (e.g. XSRF protection) will no longer work.  

A misconfiguration of the Tomcat connector can cause this. Specifically, if an insecure connector incorrectly contains the secure="true" attribute and value.

When running multiple Atlassian products on the same server using the same domain and only differentiating by port number. Java web applications identify your session by setting a cookie in your browser. This cookie is bound to the hostname and path that each application is deployed to, but ignores the port. Applications that reside at URLs where only the port is different may unintentionally overwrite each other's session information, resulting in lost sessions."

Yeah my Jira core/Service Desk and Crowd is running in the same VM server machine, It is OK to run both core and crowd run in the same machine, same domain and hostname/IP but different port number i'am using for Jira core port 8080 and for my Crowd 8095 but same hostname. Can you also me help me how can i do that this solution no. 2 coming for the article. Sorry i am not much familiar in Jira, Hope you can send me a guide or sample screenshot to resolve this error.

Option #2

  1. Stop Stash.
  2. Remove the secure="true" attribute and value from: $STASH_HOME/shared/server.xml 
  3. Start Stash

Thank you for the above information.



Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Jira Service Management

JSM June Challenge #2: Share how your business teams became ITSM rockstars

For JSM June Challenge #2, share how your non-technical teams like HR, legal, marketing, finance, and beyond started using Jira Service Management! Tell us: Did they ask to start using it or...

195 views 6 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you