Bitbucket throws XSRF token validation failed error during OAuth connection
プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Fisheye および Crucible は除く
要約
On attempting to establish an OAuth connection with Bitbucket, the following error is received after clicking the 'Accept' button:
Error Text
Welcome to Bitbucket
Xsrf token validation failed環境
- Bitbucket Server/Data Center
- Third-party plugins have been installed
診断
On first being directed to Bitbucket, if you open Chrome Developer Tools (F12) → Network → authorize?oauth_callback... and review the Response Headers section, the following cookie should be getting set:
However - instead, the following cookies are the only ones present when the request is submitted to Bitbucket on hitting the 'approve' button:
"cookies": [
{
"name": "BITBUCKETSESSIONID",
"value": "REALLYLONGHEXADECIMALSTRING",
"expires": null,
"httpOnly": false,
"secure": false
},
{
"name": "_atl_bitbucket_remember_me",
"value": "ANOTHERREALLYLONGRANDOMSTRING",
"expires": null,
"httpOnly": false,
"secure": false
},
{
"name": "wit-announce-token",
"value": "REALLYLONGHEXADECIMALSTRING-BUT-THIS-TIME-WITH-DASHES",
"expires": null,
"httpOnly": false,
"secure": false
}
],原因
The expected atl.xsrf.token cookie is not being set due to an installed third-party plugin that is removing the cookie or blocking it from being set in the first place.
In previously seen instances of this issue, the following plugins have resulted in this issue:
| 名前 | vendor | バージョン | プラグイン キー |
|---|---|---|---|
Announcer for Bitbucket | Wittified Atlassian Add-Ons (An Appfire Company) | 3.5 | com.wittified.atl-announcer-stash |
ソリューション
Attempt to disable the faulting plugin, and see if the issue can still be reproduced. If the issue is resolved, it's recommended to check the offending plugin to see if any upgrades are available, or to reach out to the support resources for this plugin listed on the Atlassian Marketplace.
If your team is unsure which plugin could be causing the issue, it's recommended to try enabling 'Safe Mode' and then to try reproducing the issue using the following steps:
Performing these steps will temporarily disable all user-installed plugins within the Bitbucket server instance
- Navigate to Administration > Add-ons > Manage add-ons.
- Click on the Enter safe mode link at the bottom of the page.
- Click on Enter safe mode when you are prompted to confirm the operation.
- Attempt to reproduce the issue in question.
- When finished, you can exit safe mode by clicking on Exit Safe Mode and restore the previous configuration back on the Manage add-ons page.