Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Having trouble creating an attachment through the Jira API

Chad_Lei
Chad_Lei November 9, 2018

I used a POST to https://jiradev.ngptools.com /jira/rest/api/2/issue/<caseID>/attachments

I have the authentication info in the header as usual.

I set the media type to multipart/form-data, content type for my test is text/plain and contentID testfile2.txt 

When I submit, I receive a response of the following – a 404 and XSRF check failed.  Researching the XSRF check failure, I found at Atlassian article that mentioned this can happen if the origin is not trusted – is there something we need to do on our side? 

 

Thanks for your help.

 

HTTP/1.1 404

Date: xxxx

Server: Apache/2.4.27 (Ubuntu)

X-AREQUESTID: 1190x9229x1

X-XSS-Protection: 1; mode=block

X-Content-Type-Options: nosniff

X-Frame-Options: SAMEORIGIN

Content-Security-Policy: frame-ancestors 'self'

X-ASEN: SEN-xxxx

X-Seraph-LoginReason: OK

X-ASESSIONID: xxxx

X-AUSERNAME: xxxx

Cache-Control: no-cache, no-store, no-transform

Content-Type: text/plain;charset=UTF-8

Set-Cookie: JSESSIONID=xxxx;path=/jira;Secure;HttpOnly

Set-Cookie: atlassian.xsrf.token=xxxx;path=/jira;Secure

Keep-Alive: timeout=3600, max=100

Connection: Keep-Alive

Transfer-Encoding: chunked

XSRF check failed

Answer
Watch
Like Dobrivoje Prtenjak likes this
3713 views

1 answer

0 votes
Elifcan Cakmak
Elifcan Cakmak
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 11, 2018

Hello,

I encountered "XSRF check failed" error before and when I used 

"X-Atlassian-Token": "nocheck"

in the header while using the POST. You can try it out.

Regards,

Elifcan

View More Comments
Chad_Lei
Chad_Lei November 14, 2018

that got rid of the XSRF error and i got an HTTP 200 back!

yet still no success with seeing an attachment on an issue 

 

What I sent:

POST /jira/rest/api/2/issue/xxx-xx/attachments HTTP/1.1

Host: jiradev.ngptools.com

Authorization: Basic Z2VyYWxkaGFydG1hbjpWVzJkXW58NF1DNUw=

X-Atlassian-Token: nocheck

Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW

cache-control: no-cache

Postman-Token: a69e3354-bef9-4236-865d-d66d9d853f35

 

Content-Disposition: form-data; name=""; filename="C:\Users\xxxx\Documents\Work\xxxx\xxxx\Testing\xxxx.txt

 

 

------WebKitFormBoundary7MA4YWxkTrZu0gW--

 

I also tried just embedding text – same result – no error, but no attachment:

POST /jira/rest/api/2/issue/xxx-xx/attachments HTTP/1.1

Host: jiradev.ngptools.com

Authorization: Basic Z2VyYWxkaGFydG1hbjpWVzJkXW58NF1DNUw=

X-Atlassian-Token: nocheck

Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW

cache-control: no-cache

Postman-Token: 7c5485fd-dcf4-4c8e-b3b2-0218b7d05ad2

 

Content-Disposition: form-data; name=""

 

Line of text

------WebKitFormBoundary7MA4YWxkTrZu0gW--

Like
Elifcan Cakmak
Elifcan Cakmak
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 15, 2018

Hello,

Is it possible that the user you are using to send post request don't have create attachment permission on that project?

Regards,

Elifcan

Like
Chad_Lei
Chad_Lei November 15, 2018

i believe i do have permissions, could it be any other issue?

Like
Elifcan Cakmak
Elifcan Cakmak
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 16, 2018

Hello,

This might be a little silly but worth a try :) Could you try like this:

POST /rest/api/2/issue/xxx-xx/attachments HTTP/1.1

Host: jiradev.ngptools.com/jira

It might be related to Postman. Maybe you can also try the request it with curl?

https://confluence.atlassian.com/jirakb/how-to-add-an-attachment-to-a-jira-issue-using-rest-api-699957734.html

Regards,

Elifcan

Like
Teja P
Teja P
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
January 27, 2021

Hi, Any luck on this issue. Can anyone help me out on how to resolve this XSRF check failed issue for JIRA attachments API. 

Any help/suggestions will be really helpful.

Thanks

Like Thierry Incognito likes this
Thierry Incognito
Thierry Incognito
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
November 17, 2021

Am also running into this issue and would love to know why it is still returning "XSRF check failed". Have no issue attaching files to an issue normally, but can't seem to get past response code 404 "XSRF check failed". Below is what my call looks like:

headers={"Accept": "application/json", "X-Atlassian-Token" : "no-check"}

## have also removed "Accept" as well ##

url=base_url+"rest/api/3/issue/"+jira_id+ "/attachments/"
response = requests.post(url,headers,auth=auth,files={ "file" : (filename, open(rfilename,"rb"), content_type)})

We don't seem to have an issue with any other API requests at present, so being able to resolve this would be great. Thanks!!

 

Quick update: Tried doing the same thing via curl and got a similar error message: "XSRF check failedcurl: (6) Could not resolve host: no-check"

Like
Matthew Crocco
Matthew Crocco
Contributor
March 8, 2022

I did not debug too much but when I run requests.requests("POST" .... it works,

files={'file': ('attachment.png',open('{}/attachment.png'.format(pth),'rb'), 'application-type')}
headers = {
'Accept': 'application/json',
'X-Atlassian-Token': 'No-Check',
'Authorization': 'Basic {}'.format(token)
}
response = requests.request("POST", url, headers=headers, data=payload, files=files, verify=False)

but when I run requests.post .... I get the 404 error as well. 

Like
Thierry Incognito
Thierry Incognito
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
March 22, 2022

Interesting. I just tried the same thing and it worked. Weird. 

 

Thanks!!!

Like Matthew Crocco likes this
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.