Changing Workflow Scheme Results in XSRF Token Error
Attempting to change a project's workflow scheme leads to an XSRF token error, as seen below:
http-bio-8080-exec-24 INFO jira_admin 677x1631x1 c0fg5v 0:0:0:0:0:0:0:1 /secure/project/SelectProjectWorkflowSchemeStep2.jspa [jira.web.action.XsrfErrorAction] The security token is missing for 'jira_admin'. User-Agent : 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:33.0) Gecko/20100101 Firefox/33.0'
This problem will likely only present itself in large instances of JIRA.
- The workflow scheme contains a workflow with multiple unmapped statuses
atlassian-jira.log may contain the following entries on the first occurrence of the problem:
org.apache.tomcat.util.http.Parameters processParameters INFO: More than the maximum number of request parameters (GET plus POST) for a single request ([10,000]) were detected. Any parameters beyond this limit have been ignored. To change this limit, set the maxParameterCount attribute on the Connector. Note: further occurrences of this error will be logged at DEBUG level.
The change in workflow schemes is generating too large an HTML request (GET plus POST requests) for the Apache Tomcat connector to handle with default settings, as defined in the JIRA_INSTALL/conf/server.xml file.
Adding and modifying the maxParameterCount parameter within the server.xml file will allow a larger HTML request to process. By default, this parameter is set to 10,000 and can be incrementally increased to find an optimal setting for the problematic HTML request:
<Connector port="8080" maxParameterCount="30000" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true"/>
There are very few cases where JIRA requires so large an HTML request. As such, it may be best to only temporarily increase this parameter to perform the workflow scheme association, then set it back to default.