Associating Custom Field to Screen Results in XSRF Security Token Missing error

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Problem

Attempting to associate Custom fields to a Screen leads to an XSRF token error, as seen below in the UI:

(Auto-migrated image: description temporarily unavailable)

The following appears in the atlassian-jira.log

1 2019-11-05 08:51:10,591 https-jsse-nio-8443-exec-1 INFO username 111x1111x1 xxxx x.x.x.x /secure/admin/AssociateFieldToScreens.jspa [c.a.j.web.action.XsrfErrorAction] The security token is missing for 'username'. User-Agent : 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36'

Diagnosis

Environment

  • Occurs on a custom field that has 1000+ screens already associated with it

  • Instance has 10,000+ screens

Diagnostic Steps

The atlassian-jira.log may contain the following entries on the first occurrence of the problem:

1 2 3 org.apache.tomcat.util.http.Parameters processParameters INFO: More than the maximum number of request parameters (GET plus POST) for a single request ([10,000]) were detected. Any parameters beyond this limit have been ignored. To change this limit, set the maxParameterCount attribute on the Connector. Note: further occurrences of this error will be logged at DEBUG level.

In the HAR file, on AssociateFieldToScreens request, the total rows in formData exceed 10,000 rows which are the list of parameters in the particular request. Example:

(Auto-migrated image: description temporarily unavailable)

Cause

The parameters count exceed the default configured in Tomcat, which is 10,000.

Solution

Workaround

Go to a screen and add a custom field from there.

Resolution

Adding and modifying the maxParameterCount parameter within the server.xml file will allow a larger HTML request to process. By default, this parameter is set to 10,000 and can be incrementally increased to find an optimal setting for the problematic HTML request:

  1. Stop Jira.

  2. Edit server.xml to make sure the connector has the maxParameterCount configuration, for example:

    1 2 3 4 5 6 7 8 9 10 11 12 13 <Connector port="8080" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" acceptCount="100" disableUploadTimeout="true" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;" maxParameterCount="10100" />

  3. Start Jira

Updated on April 2, 2025
Platform
Data Center only
Product
Jira Software Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community