Unable to establish an Application Link in Bamboo with additional XSRF checks failed error

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

When attempting to link an application using the Application Links feature in Bamboo, an error is consistently encountered. The logs found in the <bamboo-home>/logs/atlassian-bamboo.log file reveal instances of the XSRF (Cross-Site Request Forgery) check failure.

2023-06-28 11:51:55,512 WARN [http-nio-8085-exec-11] [XsrfResourceFilter] Additional XSRF checks failed for request: http://BAMBOO_URL/bamboo/rest/analytics/1.0/publish/bulk , origin: https://BAMBOO_URL, referrer: https://BAMBOO_URL/bamboo/plugins/servlet/applinks/listApplicationLinks , credentials in request: true , allowed via CORS: false

Other symptoms:

Unable to generate a Support Zip
A "Background page refresh cannot contact server. Please ensure Bamboo server is available." error message pops-up
Unable to dedicate agents with no error message in the User Interface.
The Instance healthpage is blank.
"An unexpected error has occurred" pop-up while accessing certain Bamboo pages.

Environment

The issue is seen on Bamboo 9.2.1 but is applicable to any supported version.

Diagnosis

The problem is seen while trying to establish an Application Link via ⚙️ > Overview > Application Links page, there is an error in the UI where you can't establish the link and you see something like this in <bamboo-home>atlassian-bamboo.log file

2023-06-28 11:51:55,512 WARN [http-nio-8085-exec-11] [XsrfResourceFilter] Additional XSRF checks failed for request: http://BAMBOO_URL/bamboo/rest/analytics/1.0/publish/bulk , origin: https://BAMBOO_URL, referrer: https://BAMBOO_URL/bamboo/plugins/servlet/applinks/listApplicationLinks , credentials in request: true , allowed via CORS: false

Cause

The most common cause for this is a misconfigured server.xml file inside the Bamboo installation folder, with missing proxy properties. You can find more information about the XSRF checks in the following documentation:

Cross-Site Request Forgery (CSRF) protection changes in Atlassian REST

Solution

Check the <bamboo-installation>/conf/server.xml and verify if the connector is properly configured, like in the example below. Usually, one of (or all) the following properties are missing: secure, scheme, proxyName, and proxyPort.

<Connector

port="8085"

protocol="HTTP/1.1"

maxThreads="150"minSpareThreads="25"

connectionTimeout="20000"

disableUploadTimeout="true"

acceptCount="100"

enableLookups="false"

maxHttpHeaderSize="8192"

useBodyEncodingForURI="true"

URIEncoding="UTF-8"

redirectPort="443"

compressableMimeType="text/html,text/xml,text/plain,text/css,application/json,application/javascript,application/x-javascript"

secure="true"

scheme="https"

proxyName="proxy-bamboo.com"

proxyPort="443">

<UpgradeProtocolclassName="org.apache.coyote.http2.Http2Protocol"/>

</Connector>

Updated on April 8, 2025

Was this helpful?

It wasn't accurateIt wasn't clearIt wasn't relevant

Atlassian Support