Enable XSRF check in Jira Server/Data Center for all Post Requests

Prerak Y Diwan
Contributor
January 19, 2022

I want to validate the XSRF check with my POST request. An example is shown below:

@POST
@com.atlassian.plugins.rest.common.security.RequiresXsrfCheck
@Path("/upload")
@Consumes(MediaType.MULTIPART_FORM_DATA)
public Response uploadAttachmentFile(@Context HttpServletRequest request) {

I am passing the cookie token value for atlassian.xsrf.token in a header as 

--header 'X-XSRF-TOKEN': 'token-value-found-from cookie token value'

I still get "XSRF check failed" with a 404 status:

[WARN] [common.security.jersey.XsrfResourceFilter] XSRF checks failed for request: http://localhost:2990/jira/rest/attachments/upload ,
origin: http://localhost:2990 , referrer: http://localhost:2990/jira/secure/App.jspa

I have been using the version below to access the XSRF check:

<atlassian.rest.common.version>7.0.0-m02</atlassian.rest.common.version>



For reference, I followed the CSRF topic on the site below:

https://developer.atlassian.com/server/framework/atlassian-sdk/atlassian-rest-api-design-guidelines-version-1/#security



I want to stop the CSRF attack that I have been able to carry out using a Burp Suite PoC.


0 answers
