Unable to create new issues after upgrading to Jira 7
プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Fisheye および Crucible は除く
このページの内容はサポート対象外のプラットフォームに関連しています。したがって、アトラシアン サポートではこのページの記載内容のサポートの提供は保証されません。この資料は情報提供のみを目的として提供されています。内容はお客様自身の責任でご利用ください。
問題
Users are unable to create any issue, when the "Create" issue button is clicked the browser returns below error:
診断
Diagnostic Steps
- Issue happens after upgrading to JIRA 7
- JIRA instance behind a reverse proxy
- atlassian-jira.log is throwing below XSRF check errors
2016-03-24 11:41:39,639 http-nio-8080-exec-9 WARN username 701x48328x3 1sx07jj 10.50.8.252,127.0.0.1 /rest/webResources/1.0/resources [c.a.p.r.c.security.jersey.XsrfResourceFilter] Additional XSRF checks failed for request: http://jiradev.domain.com/rest/webResources/1.0/resources , origin: null , referrer: https://jiradev.domain.com/secure/Dashboard.jspa , credentials in request: true , allowed via CORS: false
原因
Tomcat is not "aware" of the reverse proxy due to "proxyName" and "proxyPort" are not specified in the connector in server.xml. As a result the browser request is blocked, due to REST API not receiving the expected hostname/port from the origin header value.
Further reading: Cross Site Request Forgery (CSRF) protection changes in Atlassian Rest
ソリューション
Specify the proxyName and proxyPort parameters in server.xml, for example:
<Connector port="8080"
maxThreads="150"
minSpareThreads="25"
connectionTimeout="20000"
enableLookups="false"
maxHttpHeaderSize="8192"
protocol="HTTP/1.1"
useBodyEncodingForURI="true"
redirectPort="8443"
acceptCount="100"
disableUploadTimeout="true"
proxyName="jiradev.domain.com"
proxyPort="443"
scheme="https"/>
In this example, jiradev.domain.com would be the URL that users use to access JIRA through the proxy.