XSRF check failed

Salma_Khattab2310 June 5, 2020

Am using the basic auth tocreate issue using the API in postman and it created successfully but when i do the same using the JS it gives me 403 XSRF check failed


here's the code


 $http.post("http://localhost:8080/rest/api/2/issue" , JSON.stringify(data),             {                headers: {                    'Authorization': 'Basic c2toYXR0YWI6T1BCcWFSaHBNZEZNM3JhUWhTeDJMbzRzR1M3U3NzMDBScGlRYU4=',                    'Content-Type': 'application/json',                    'Access-Control-Allow-Origin' : 'http://localhost:8080',                    'X-Atlassian-Token': 'no-check'                }            }            

3 answers

0 votes
Ricardo Wolosker March 6, 2024

também tentei colocar X-Atlassian-Token e não deu certo não.


0 votes
Ricardo Wolosker March 6, 2024

poxa, que mandinga!!! será que se trocar o User-Agent funciona mesmo? DUVIDO!!

0 votes
Lukas Meili August 17, 2021

Hi, I know this is a very old issue but I just stumbled upon this problem as well and I thought I might be able to help people with the same issue. In our case, there were two possible solutions. 

- Change User Agents Header (not possible as far as I know in Chrome)

- Whitelist/Allowlist the origin domain in Jira. When you send a request to the Jira API your browser automatically populates the "origin" header. You need to add that value to the whitelist/allowlist in Jira. -> See here Configuring the allowlist | Jira | Atlassian Documentation
Type "Domain" should work.


See the issue documented by Atlassian:

REST API calls with a browser User-Agent header may fail CSRF checks | Jira | Atlassian Documentation

Suggest an answer

Log in or Sign up to answer