xsrf check failed

Keith Comer October 25, 2015

Using JIRA Cloud. When I use cURL to create an issue, I get the response "XSRF check failed". If I pass the wrong auth credentials I get a 401 error. I am using Basic HTTP auth. I am passing the X-Atlassian-Token: no-check header.

This was working fine until a few weeks ago. Any help is appreciated. 

3 answers

0 votes
leonliusg April 11, 2016

try to add a header name: "origin", value: JIRA base url

Charlie Misonne
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
October 13, 2016

how do you deal with this when the rest call is made form javascript in the browser?
As far as I'm aware it's not possible to alter the origin header

0 votes
Keith Comer October 27, 2015

Sorry for the slow response. Atlassian has insane rules about people posting once every 24 hours until they get 3 points. I also tried that. Found several articles about that bug. I get the same error with nocheck and no-check. Here are the curl headers I am sending. POST /rest/api/latest/issue/ HTTP/1.1 Authorization: Basic ****removed***** User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20100101 Firefox/13.0.1 Host: ppwizard.atlassian.net Accept: */* Content-Type: application/json X-Atlassian-Token: nocheck Content-Length: 160 post data is {"fields":{"project":{"key":"PMSS"},"summary":"test2","description":"test2\n\nKeith Comer [mailto:keith@propertypreswizard.com]\n","issuetype":{"name":"OOBB"}}} I get HTTP/1.1 403 Forbidden returned with XSRF check failed

0 votes
Jared Dohrman [Design Industries]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
October 25, 2015

Hi @Keith Comer,

It should be 'nocheck' without '-'

Thanks,

Jared - Design Industries

Scott Welker October 7, 2016

For the benefit of others, depends upon the version. The v5.10 Confluence REST API gave me the following. Presumably JIRA followed suit.

"Use of the 'nocheck' value for X-Atlassian-Token has been deprecated since rest 3.0.0. Please use a value of 'no-check' instead.

 

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events