Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

xsrf check failed when create jira ticket via rest api

wenting liu
wenting liu
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
December 20, 2019

I have a web application built with angular 8 , I am trying to use http post to call JIRA rest API to create an issue from my application, when I use http get, i can successfully get the issue from JIRA api, but post method always give error: XSRF check failed even I set header "X-Atlassian-Token" as 'no-check'.

Even tried to set "jira.xsrf.enabled" as false in jira-application.properties

I am using Basic authentication as I am trying to use bot to create jira issue.

Answer
Watch
Like # people like this
7227 views

2 answers

1 vote
brbojorque
brbojorque
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
December 22, 2019

Hi @wenting liu ,

Based on this documentation you need to add a header like so.

X-Atlassian-Token: no-check

https://developer.atlassian.com/server/jira/platform/form-token-handling/

Reply
0 votes
Lukas Meili
Lukas Meili August 17, 2021

Hi, I know this is a very old issue but I just stumbled upon this problem as well and I thought I might be able to help people with the same issue. In our case, there were two possible solutions. 

- Change User Agents Header (Not possible as far as I know in chrome)

- Whitelist/Allowlist the origin domain in Jira. When you send a request to the Jira API your browser automatically populates the "origin" header. You need to add that value to the whitelist/allowlist in Jira. -> See here Configuring the allowlist | Jira | Atlassian Documentation
Type "Domain" should work.

 

See the issue documented by Atlassian:

REST API calls with a browser User-Agent header may fail CSRF checks | Jira | Atlassian Documentation

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events