
Can't Enable upgrade mode using REST api due to "XSRF checks failed"

ZPS GPM January 24, 2022

Hi!

I'm trying to automate the upgrade process for our Confluence 7.13 Data Center installation. Therefore I want to use the /rest/zdu/start endpoint to enable upgrade mode via a script.

But I'm stuck right at the beginning on my test system.

It's possible to get the state of the cluster:

curl -k -H "Authorization: Bearer <token>" https://conf-test.server/rest/zdu/state

But when I try 
curl -k -H "Authorization: Bearer <token>" https://conf-test.server/rest/zdu/start

there is no console output and in atlassian-confluence.log it says:

2022-01-24 15:58:19,378 WARN [http-nio-8090-exec-6] [common.security.jersey.XsrfResourceFilter] passesAllXsrfChecks XSRF checks failed for request: https://conf-test.server/rest/zdu/start , origin: null , referrer: null
-- url: /rest/zdu/start | traceId: 039e827a3833ec22 | userName: admin

 

XSRF seems to be a big problem while using the api, but I can't see any reason why /state works and /start doesn't!?!?

Any hint is appreciated!

Thx!

Answer accepted
Joshua Sneed Contegix
January 24, 2022

Hi ZPS GPM,

I'm not an API guy, but maybe something like --header "X-Atlassian-Token: no-check" in there. Otherwise I would check out: https://developer.atlassian.com/server/confluence/confluence-rest-api-examples/

Cheers!

ZPS GPM January 24, 2022

Hi @Joshua Sneed Contegix 

that did the trick! Thx a lot!

I didn't get that from the examples and all the other community posts... :-(((

Here is the complete curl command for other users seeking help (with personal access token):

curl -k -H "Authorization: Bearer <token>" -H "X-Atlassian-Token: no-check" -X POST https://conf-test.server/rest/zdu/start

Joshua Sneed Contegix
January 25, 2022

Welcome ZPS GPM!
It isn't explicitly clear, but makes sense when you realize there are a handful of cookies/tokens that are handled by the browser and checked by Confluence. It is necessary to tell the API that you don't need some of those (because you are not a browser) and then you are allowed to do what you need. Happy automation, cheers!
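
Added example, not part of any post in this thread: a small POSIX shell wrapper for the two calls discussed above that sends X-Atlassian-Token: no-check only on the state-changing request, passes the bearer token to curl through a config on stdin so it stays out of the process list, and prints the HTTP status that the original command left invisible. The environment variables CONF_URL, CONF_TOKEN and CONF_CACERT and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: CONF_URL, CONF_TOKEN,
# CONF_CACERT, zdu_config, zdu_ok, zdu_call.

# Print a curl config for one /rest/zdu/ call ($1 = method, $2 = action).
# The config is fed to curl on stdin, so the token never reaches argv.
zdu_config() {
  printf 'url = "%s/rest/zdu/%s"\n' "${CONF_URL%/}" "$2"
  printf 'request = "%s"\n' "$1"
  printf 'header = "Authorization: Bearer %s"\n' "$CONF_TOKEN"
  # Opt out of the XSRF check only on state-changing methods; the thread
  # shows GET /state working without the header.
  case "$1" in
    GET|HEAD) ;;
    *) printf 'header = "X-Atlassian-Token: no-check"\n' ;;
  esac
  # The thread's commands use -k; here the certificate is verified,
  # optionally against a private CA bundle.
  if [ -n "${CONF_CACERT:-}" ]; then
    printf 'cacert = "%s"\n' "$CONF_CACERT"
  fi
  # Append the status code on its own line after the response body.
  printf '%s\n' 'silent' 'show-error' 'write-out = "\n%{http_code}"'
}

# True for 2xx status codes.
zdu_ok() {
  case "$1" in
    2[0-9][0-9]) return 0 ;;
    *) return 1 ;;
  esac
}

# Perform the call, print the body, fail loudly on a non-2xx status.
zdu_call() {
  reply=$(zdu_config "$1" "$2" | curl --config -) || return 1
  code=$(printf '%s\n' "$reply" | tail -n 1)
  printf '%s\n' "$reply" | sed '$d'
  zdu_ok "$code" || { echo "zdu/$2: HTTP $code" >&2; return 1; }
}

# Usage: CONF_URL=https://conf-test.server CONF_TOKEN=<token> sh zdu.sh start
case "${1:-}" in
  state) zdu_call GET state ;;
  start) zdu_call POST start ;;
esac
```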
