Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

xsrf check failed

Keith Comer
Keith Comer
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
October 25, 2015

Using JIRA Cloud. When I use cURL to create an issue, I get the response "XSRF check failed". If I pass the wrong auth credentials I get a 401 error. I am using Basic HTTP auth. I am passing the X-Atlassian-Token: no-check header.

This was working fine until a few weeks ago. Any help is appreciated. 

Answer
Watch
Like Be the first to like this
5474 views

3 answers

0 votes
leonliusg
leonliusg April 11, 2016

try to add a header name: "origin", value: JIRA base url

View More Comments
Charlie Misonne
Charlie Misonne
Community Champion
October 13, 2016

how do you deal with this when the rest call is made form javascript in the browser?
As far as I'm aware it's not possible to alter the origin header

Like
Reply
0 votes
Keith Comer
Keith Comer
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
October 27, 2015

Sorry for the slow response. Atlassian has insane rules about people posting once every 24 hours until they get 3 points. I also tried that. Found several articles about that bug. I get the same error with nocheck and no-check. Here are the curl headers I am sending. POST /rest/api/latest/issue/ HTTP/1.1 Authorization: Basic ****removed***** User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20100101 Firefox/13.0.1 Host: ppwizard.atlassian.net Accept: */* Content-Type: application/json X-Atlassian-Token: nocheck Content-Length: 160 post data is {"fields":{"project":{"key":"PMSS"},"summary":"test2","description":"test2\n\nKeith Comer [mailto:keith@propertypreswizard.com]\n","issuetype":{"name":"OOBB"}}} I get HTTP/1.1 403 Forbidden returned with XSRF check failed

Reply
0 votes
Jared Dohrman [
Jared Dohrman [Design Industries]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 25, 2015

Hi @Keith Comer,

It should be 'nocheck' without '-'

Thanks,

Jared - Design Industries

View More Comments
Scott Welker
Scott Welker
Contributor
October 7, 2016

For the benefit of others, depends upon the version. The v5.10 Confluence REST API gave me the following. Presumably JIRA followed suit.

"Use of the 'nocheck' value for X-Atlassian-Token has been deprecated since rest 3.0.0. Please use a value of 'no-check' instead.

 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
atlassian, loom, loom for training, loom for teaching, video training, async learning, online education, screen recording, loom tutorials, loom use cases, atlassian learning, team training tools, instructional video, virtual training tools

🛗 Elevate Your Training and Enablement with Loom

Join us June 26, 11am PT for a webinar with Atlassian Champion Robert Hean & Loom’s Brittany Soinski. Hear tips, stories, and get your burning questions answered. Learn how Loom makes training and enablement easier. Don’t miss it!

Register today
AUG Leaders

Atlassian Community Events

Community
Forums
FAQs Forums guidelines
Learning
About learning Resources
Events
Champions
Copyright © 2025 Atlassian
Privacy Policy Terms Security
Welcome illustration

Welcome to the new Atlassian Community

Online forums and learning are now in one easy-to-use experience.

By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.