Failed Requests on Fisheye Crucible Instance Behind Proxy: 'Additional XSRF Checks Failed' WARN messages

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Performing actions like creating Application links, downloading Support Zips or even creating reviews fails with "Additional XSRF checks failed for request" messages logged on a Fisheye Crucible instance behind proxy.

Environment

All

Diagnosis

  • Check if user is accessing the Fisheye Crucible instance from behind a Proxy.

  • When doing any of the actions like Downloading Support Zips or creating Application Links, the request fails and "Additional XSRF checks failed" WARN message is logged in Server logs.

    (Auto-migrated image: description temporarily unavailable)

    Server logs:

    1 2 2023-11-05 10:47:18,700 WARN [qtp2031951755-3011 url: /rest/analytics/1.0/publish/bulk; user: ******* ] com.atlassian.plugins.rest.common.security.jersey.XsrfResourceFilter XsrfResourceFilter-passesAdditionalBrowserChecks - Additional XSRF checks failed for request: http://instenv-**************.atl-test.space/rest/analytics/1.0/publish/bulk , origin: https://http://instenv-**************.atl-test.space , referrer: https://ihttp://instenv-**************.atl-test.space/plugins/servlet/troubleshooting/view/ , credentials in request: true , allowed via CORS: false 2023-11-05 10:47:41,486 WARN [qtp2031951755-3011 url: /rest/troubleshooting/latest/support-zip/local; user: ******* ] com.atlassian.plugins.rest.common.security.jersey.XsrfResourceFilter XsrfResourceFilter-passesAdditionalBrowserChecks - Additional XSRF checks failed for request: http://instenv-**************.atl-test.space/rest/troubleshooting/latest/support-zip/local , origin: https://http://instenv-**************.atl-test.space , referrer: https://http://instenv-**************.atl-test.space/plugins/servlet/troubleshooting/view/ , credentials in request: true , allowed via CORS: false

Cause

  • This happens when the Proxy Settings are not properly configured on the Fisheye Crucible instance.

Solution

  • Configure the correct Proxy Settings on your Fisheye Crucible instance from "Admin → Global Settings → Server" as shown in below example.

    (Auto-migrated image: description temporarily unavailable)

    Kindly update the values as per your own environment.

  • Restart your Fisheye Crucible instance for the configuration to take effect.

  • After the restart the <web-server> directive in your config.yml should be updated to reflect the changes as shown in the below example.

    1 2 3 <web-server site-url="https://{{SiteURL}}"> <http bind=":8060" proxy-host="{{proxy_url}}" proxy-port="443" proxy-scheme="https"/> </web-server>

Updated on March 17, 2025
Platform
Data Center only
Products
Crucible Data Center
Fisheye Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community