Random XSRF checks failed errors since upgrading to SM 5.6. / JS 9.6.0

Shaun Daigle April 3, 2023

Since upgrading to Jira 9.6 and Service Management 5.6, our users are receiving random XSRF errors throughout the day when using Jira Service Management. Here are a few of the errors from the logs:


2023-04-03 16:49:42,950-0300 https-openssl-nio-8444-exec-13 WARN user.name 1009x19665x1 1l6rkfq 192.168.2.1 /rest/jddap/1.0/attachment [c.a.p.r.c.security.jersey.XsrfResourceFilter] XSRF checks failed for request: https://atlassian.dieppe.ca:8444/rest/jddap/1.0/attachment , origin: https://atlassian.dieppe.ca:8444 , referrer: https://atlassian.dieppe.ca:8444/browse/TECH-18576

2023-04-03 16:32:37,619-0300 https-openssl-nio-8444-exec-23 INFO user.name 992x18803x1 t0uojt 192.168.2.1 /secure/WorkflowUIDispatcher.jspa [c.a.j.web.action.XsrfErrorAction]
The security token is missing for 'Shaun.Daigle'. User-Agent : 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36'

2023-04-03 15:15:19,776-0300 https-openssl-nio-8444-exec-16 WARN user.name 915x11633x1 mg4mvn 192.168.2.1 /secure/WorkflowUIDispatcher.jspa [c.a.j.web.dispatcher.JiraWebworkActionDispatcher] XSRF checks failed for action 'com.atlassian.jira.web.action.workflow.WorkflowUIDispatcher!execute' (recoverable: true, token present: true)

2023-04-03 12:38:50,075-0300 https-openssl-nio-8444-exec-9 WARN user.name 758x532x1 hjsr0p 192.168.2.1 /secure/QuickCreateIssue!default.jspa [c.a.j.web.dispatcher.JiraWebworkActionDispatcher] XSRF checks failed for action 'com.atlassian.jira.quickedit.action.QuickCreateIssue!default' (recoverable: true, token present: true)

 

Any idea how to resolve this issue?

Thanks

Shaun

 

1 answer

1 accepted

0 votes
Answer accepted
Shaun Daigle April 5, 2023

The issue was likely caused by an old version of the SQL+JQL plugin for Jira. We have disabled the plugin and are monitoring to see if the issue goes away.

Lucas Theisen
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
January 18, 2024

@Shaun Daigle, do you remember how you determined it to be this specific plugin?  Did you tune some logging or something or just trial and error?  Did the issue go away after disabling the plugin?

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
SERVER
VERSION
5.6.0
TAGS
AUG Leaders

Atlassian Community Events