Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

xsrf check failed

Keith Comer
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
October 25, 2015

Using JIRA Cloud. When I use cURL to create an issue, I get the response "XSRF check failed". If I pass the wrong auth credentials I get a 401 error. I am using Basic HTTP auth. I am passing the X-Atlassian-Token: no-check header.

This was working fine until a few weeks ago. Any help is appreciated. 

3 answers

0 votes
leonliusg April 11, 2016

try to add a header name: "origin", value: JIRA base url

Charlie Misonne
Community Champion
October 13, 2016

how do you deal with this when the rest call is made form javascript in the browser?
As far as I'm aware it's not possible to alter the origin header

0 votes
Keith Comer
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
October 27, 2015

Sorry for the slow response. Atlassian has insane rules about people posting once every 24 hours until they get 3 points. I also tried that. Found several articles about that bug. I get the same error with nocheck and no-check. Here are the curl headers I am sending. POST /rest/api/latest/issue/ HTTP/1.1 Authorization: Basic ****removed***** User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20100101 Firefox/13.0.1 Host: ppwizard.atlassian.net Accept: */* Content-Type: application/json X-Atlassian-Token: nocheck Content-Length: 160 post data is {"fields":{"project":{"key":"PMSS"},"summary":"test2","description":"test2\n\nKeith Comer [mailto:keith@propertypreswizard.com]\n","issuetype":{"name":"OOBB"}}} I get HTTP/1.1 403 Forbidden returned with XSRF check failed

0 votes
Jared Dohrman [Design Industries]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
October 25, 2015

Hi @Keith Comer,

It should be 'nocheck' without '-'

Thanks,

Jared - Design Industries

Scott Welker
Contributor
October 7, 2016

For the benefit of others, depends upon the version. The v5.10 Confluence REST API gave me the following. Presumably JIRA followed suit.

"Use of the 'nocheck' value for X-Atlassian-Token has been deprecated since rest 3.0.0. Please use a value of 'no-check' instead.

 

Suggest an answer

Log in or Sign up to answer
TAGS
atlassian, loom, loom for training, loom for teaching, video training, async learning, online education, screen recording, loom tutorials, loom use cases, atlassian learning, team training tools, instructional video, virtual training tools

🛗 Elevate Your Training and Enablement with Loom

Join us June 26, 11am PT for a webinar with Atlassian Champion Robert Hean & Loom’s Brittany Soinski. Hear tips, stories, and get your burning questions answered. Learn how Loom makes training and enablement easier. Don’t miss it!

Register today
AUG Leaders

Atlassian Community Events