Confluence isn't able to integrate to Hipchat as XSRF Checks Failed
プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Fisheye および Crucible は除く
問題
User is not able to integrate Confluence and HipChat when following the steps provided in the Use HipChat and Confluence together documentation
atlassian-confluence.log: に次のメッセージが出力される。
2016-08-04 08:55:10,594 WARN [http-nio-8090-exec-19] [common.security.jersey.XsrfResourceFilter] passesAdditionalBrowserChecks Additional XSRF checks failed
for request: <ConfluenceBaseURL>/rest/analytics/1.0/publish/bulk , origin: null , referrer: <ConfluenceBaseURL>/plugins/servlet/hipchat/configure , credentials in request: true , allowed via CORS: false
-- referer: <ConfluenceBaseURL>/plugins/servlet/hipchat/configure | url: /confluence/rest/analytics/1.0/publish/bulk | traceId: 906e4509a343baaf | userName: admin
...
2016-08-04 08:55:10,622 WARN [http-nio-8090-exec-18] [common.security.jersey.XsrfResourceFilter] passesAdditionalBrowserChecks Additional XSRF checks failed for request: <ConfluenceBaseURL>/rest/webResources/1.0/resources , origin: null , referrer: <ConfluenceBaseURL>/plugins/servlet/hipchat/configure , credentials in request: true , allowed via CORS: false
-- referer: <ConfluenceBaseURL>/plugins/servlet/hipchat/configure | url: /confluence/rest/webResources/1.0/resources | traceId: a8de9b55c5dcd7c1 | userName: admin診断
環境
- Confluence is running behind HTTP based reversed proxy.
原因
With the recent Cross Site Request Forgery (CSRF) protection changes in our Atlassian REST calls, some browser requests would be blocked if the origin of the request is not trusted. Thus, when Confluence is running behind a reverse proxy, Tomcat then must be made aware of the reverse proxy - this ensures that responses from Tomcat have the correct (trusted) hostname information. Having said that, the necessary reverse proxy information must be included in <Confluence-Installation>/conf/server.xml file.
For more information on this, please refer to Cross Site Request Forgery (CSRF) protection changes in Atlassian REST KB article.
ソリューション
Please specify the necessary proxyName, proxyPort and scheme configurations to your <Confluence-Installation>/conf/server.xml file.
例:
This is the default HTTP connector in Confluence 5.10.x:
<Connector port="5102" connectionTimeout="20000" redirectPort="8443" maxThreads="48" minSpareThreads="10" enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11NioProtocol"/>If you were configuring this proxy to be used at https://confluence.atlassian.com/ you would configure it like this:
<Connector port="5102" connectionTimeout="20000" redirectPort="8443" maxThreads="48" minSpareThreads="10" enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11NioProtocol" proxyName="confluence.atlassian.com" proxyPort="443" scheme="https" />