Some POST requests like jira/rest/webResources/1.0/resources fail with 403

Dirk September 19, 2018

We have the following issues with our Jira installation and we think they might be connected:

1. When doing some HTTP POSTs we get an HTTP 403. Like when we click on the "Permission helper" button on https://jira.mycompany.com/jira/plugins/servlet/project-config/XXXX/permissions nothing happens.
When loading https://jira.mycompany.com//jira/plugins/servlet/project-config/XXXX/permissions we get a 403 for jira/rest/webResources/1.0/resources and jira/rest/analytics/1.0/publish/bulk.

(Cookie: atlassian.xsrf.token=B7T9-41LS-D1L1-IBGJ_37a4583a613a1dd294b70c6aae0300200243a1f8_lin; JSESSIONID=578A399422EE973B591DFCF8B8C9276F; jira.editor.user.mode=wysiwyg; TEX=MTUzNzMzOTk1NXxOUEtUbHZLNTZnYjdaQ1c2d1JfZ0lHa1dXLWY4SXdLVEpzRXp5MDRDN0stdy1NU2thcGg5eTNsazFTekVFclNzS2Rka1l0UW1rNXh1NzVxaExzSVpBeWQ2Y09Wal9zY2puelZlUlRLamhQMUVGNWVLNmFrZ1RZSEF1YkMzYmhMTkV5OHNlMTV1MElqYnlmenBUSDU0SXhTT1ZqUjBKZk1WclZyNnVZMXYwQWdoT3hxcjZUUU1RbFJjcWtaRnNRPT18srBukzKiGDjpScfTu3I6B2YbE6xg9vNteUQck-oOdWc=)

The log gives entries like:

2018-09-19 07:05:30,829 http-nio-8080-exec-22 WARN admin 425x882x1 1t997dj 10.6.33.111,127.0.0.1,10.6.30.83,10.6.30.59 /rest/plugins/self-update/1.0/ [c.a.p.r.c.security.jersey.XsrfResourceFilter] Additional XSRF checks failed for request: https://jira.mycompany.com/jira/rest/webResources/1.0/resources , origin: null , referrer: null , credentials in request: true , allowed via CORS: false

(Why is origin null?)

 

2. The sidebar does not show:

Other POST requests work fine (editing issues etcetera).

The connector in server.xml is configured like this:

    <Connector port="8080"
               maxThreads="150"
               minSpareThreads="25"
               connectionTimeout="20000"
               enableLookups="false"
               maxHttpHeaderSize="8192"
               protocol="HTTP/1.1"
               useBodyEncodingForURI="true"
               redirectPort="8443"
               acceptCount="100"
               disableUploadTimeout="true"
               proxyName="jira.mycompany.com"
               proxyPort="443"
               scheme="https"
               />

Jira Version: 7.12.1

When starting up one error occurred:

2018-09-19 06:55:12,118 http-nio-8080-exec-1 ERROR anonymous 415x1x1 - 10.6.33.111,127.0.0.1,10.6.30.83,10.6.30.59 /rest/gadget/1.0/dateCountInPeriod [c.atlassian.instrumentation.Instrument] Unable to snapshot thread local operations (implementation of OpTimerFactory is not a ThreadLocalOpTimerFactory): null

2 answers

0 votes
Miklós Tix May 12, 2022

Hi,

What was the solution here, could you please describe?

Thanks in advance!

0 votes
Daniel Eads
Atlassian Team
September 21, 2018

Hi Dirk,

This is an interesting problem! Some questions:

  1. Can you confirm the base URL in Jira matches what you've got in your proxyName value in the server.xml file? Also double-check that the base URL in Jira starts with https since you're running with SSL at your reverse proxy.
  2. What reverse proxy are you using (nginx, Apache, etc) and can you post the relevant connector?

At first glance I agree that the problems you listed do appear to be connected. From the information you've gathered it looks like there's a URL mismatch somewhere in the chain (reverse proxy thinks the application URL is one thing, Jira thinks it's something else).
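
An added example, not part of the original thread: one way to run the first check from the answer above, comparing the `scheme`, `proxyName` and `proxyPort` of each `<Connector>` in server.xml with the Jira base URL, and pulling the origin and referrer fields out of the XsrfResourceFilter warning. The function names and the reduced sample server.xml are assumptions made for this sketch.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
TOMCAT_DEFAULTS = {"scheme": "http"}  # Tomcat reports http when scheme is unset

# Constructed sample, reduced from the connector posted in the question.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"
             proxyName="jira.mycompany.com" proxyPort="443" scheme="https"/>
</Service></Server>"""

# Field layout taken from the XsrfResourceFilter warning quoted in the question.
XSRF_RE = re.compile(
    r"Additional XSRF checks failed for request: (?P<url>\S+) , "
    r"origin: (?P<origin>\S+) , referrer: (?P<referrer>\S+) , "
    r"credentials in request: (?P<credentials>\w+) , "
    r"allowed via CORS: (?P<cors>\w+)")


def connector_mismatches(server_xml, base_url):
    """Compare every <Connector> with the Jira base URL and list the differences."""
    base = urlsplit(base_url)
    want = {"scheme": base.scheme, "proxyName": base.hostname or "",
            "proxyPort": str(base.port or DEFAULT_PORTS.get(base.scheme, ""))}
    problems = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        for attr, expected in want.items():
            actual = conn.get(attr, TOMCAT_DEFAULTS.get(attr))
            # A missing proxyName/proxyPort is reported as a mismatch too.
            if actual is None or actual.lower() != expected.lower():
                problems.append(f"port {conn.get('port')}: {attr}={actual!r}, "
                                f"base URL implies {expected!r}")
    return problems


def parse_xsrf_warning(line):
    """Return the warning's fields as a dict ('null' becomes None), or None."""
    m = XSRF_RE.search(line)
    if not m:
        return None
    return {k: (None if v == "null" else v) for k, v in m.groupdict().items()}


if __name__ == "__main__":
    for url in ("https://jira.mycompany.com/jira", "http://jira.mycompany.com/jira"):
        print(url, connector_mismatches(SAMPLE_SERVER_XML, url) or "consistent")
```
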
