403 Forbidden error when creating a Bitbucket Cloud or GitHub Repository in Bamboo

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

問題

When creating a Bitbucket.org (Cloud) or GitHub repository in Bamboo, you receive the error message: Failed to load data from Bitbucket. [403 Forbidden] / Failed to load data from GitHub. [403 Forbidden].

The following warning is observed in the <bamboo-home>/atlassian-bamboo.log:

Bitbucket:

2017-01-23 12:08:00,618 WARN [http-nio-8085-exec-13] [XsrfResourceFilter] Additional XSRF checks failed for request: http://localhost:8085/rest/hg/latest/bb/repositories/ , origin: https://domain , referrer: https://domain/build/admin/create/newPlan.action , credentials in request: true , allowed via CORS: false

GitHub:

2017-01-23 12:08:00,618 WARN [http-nio-8085-exec-13] [XsrfResourceFilter] Additional XSRF checks failed for request: http://localhost:8085/rest/git/latest/gh/repositories/username/ , origin: https://domain , referrer: https://domain/build/admin/create/newPlan.action , credentials in request: true , allowed via CORS: false


原因

This usually happens due to Tomcat configuration issues when running Bamboo behind a reverse proxy or load balancer.

If you have installed Bamboo using the Bamboo EC2 Wizard and you're unsure if there is a reverse proxy present, the wizard installs an Apache reverse proxy in-front of Bamboo thus making the following configuration relevant. There's a bug report logged here that is specific to the EC2 wizard not configuring these settings initially:

Regardless of any fix to the wizard, due to the dependency of this configuration being specific to the URL the application is accessed on this configuration still may need to be updated manually at some point.

ソリューション

If Bamboo is run behind a proxy and you are encountering issues with the origin based CSRF protection then please check if the following parameters are correctly configured in the <bamboo-install>/conf/server.xml (located in /media/atlassian-data/installs/bamboo/current/conf if you installed Bamboo via the EC2 Wizard) for the tomcat connector that your proxy is forwarding connections to:

  • proxyName の構成内容が、アプリケーションがアクセスされているホスト名に一致するかどうか
  • proxyPort の構成内容が、アプリケーションがアクセスされているポートに一致するかどうか
  • scheme の構成内容が、アプリケーションがアクセスされているスキーマに一致するかどうか 

Any changes to the server.xml will require Bamboo to be restarted to take effect.


For example, if Bamboo is running behind apache and the url to access Bamboo is https://example.domain/ then the correct proxy settings are the following

  • proxyName="example.domain"
  • proxyPort="443"
  • scheme="https"

For the same example, and Bamboo is accessed over http instead of https:

  • proxyName="example.domain"
  • proxyPort="80"
  • scheme="http"

For reference, here is an example of the connector after the attributes have been added when the reverse proxy is proxying requests from https://example.domain to the tomcat http connector on port 8085:

<Connector
            protocol="HTTP/1.1"
            port="8085"

            maxThreads="150" minSpareThreads="25"
            connectionTimeout="20000"
            disableUploadTimeout="true"
            acceptCount="100"

            enableLookups="false"
            maxHttpHeaderSize="8192"

            useBodyEncodingForURI="true"
            URIEncoding="UTF-8"

            redirectPort="8443"
            scheme="https"
            proxyName="example.domain"
            proxyPort="443"
            />

最終更新日 2019 年 9 月 23 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.