I'm using Apache to proxy connections over SSL. Once I got this working I noticed that I wasn't able to update add-ons. Here is the error message that appears in the logs.
Additional XSRF checks failed for request: https://bitbucket.domain.com:7443/rest/plugins/1.0/ , origin: https://bitbucket.domain.com , referrer: https://bitbucket.domain.com/plugins/servlet/upm , credentials in request: true , allowed via CORS: false
Here is what I have configured in .properties
server.port=7990
server.address=<ipAddress>
server.redirect-port=7443
server.ssl.enabled=true
server.port=7443
server.address=<ipAddress>
server.secure=true
server.scheme=https
server.ssl.protocol=TLSv1.2
server.ssl.enabled=true
server.ssl.key-store=/usr/local/java/jre1.8.0_171/lib/security/cacerts
server.ssl.key-store-password=Passw0rd
server.ssl.key-password=Passw0rd
server.proxy-port=7443
server.proxyName=bitbucket.domain.com
#server.additional-connector.1.ssl.client-auth=want
server.ssl.key-store-type=jks
Can someone tell me what I'm missing?
Hello Michael
Looking at bitbucket.properties, it seems that you have a few duplicated parameters set, such as server.port. You need to set additional connectors using the prefix server.additional-connector.#, where # is the connector number. Please take a look at Server Connectors properties, which describes the necessary connector parameters.
We also have a KB for the XSRF errors; you may review it after setting the correct parameters in bitbucket.properties.
Rodrigo
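Added example, not part of the thread and not Atlassian code: a small Python check for the two things visible in the question, keys set more than once in the properties file and the request URL and origin reported in the XSRF log line, which differ in port. The function names are hypothetical and the sample properties are constructed from lines in the question.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: property lines from the question, fused line split in two.
SAMPLE_PROPERTIES = """\
server.port=7990
server.redirect-port=7443
server.ssl.enabled=true
server.port=7443
server.ssl.enabled=true
server.proxy-port=7443
server.proxyName=bitbucket.domain.com
#server.additional-connector.1.ssl.client-auth=want
"""

# Log line as quoted in the question.
SAMPLE_LOG = ("Additional XSRF checks failed for request: "
              "https://bitbucket.domain.com:7443/rest/plugins/1.0/ , origin: "
              "https://bitbucket.domain.com , referrer: "
              "https://bitbucket.domain.com/plugins/servlet/upm , "
              "credentials in request: true , allowed via CORS: false")

DEFAULT_PORTS = {"http": 80, "https": 443}

def duplicate_keys(text):
    """Map each key set more than once to its [(line_number, value), ...]."""
    seen = defaultdict(list)
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        key, _, value = line.partition("=")
        seen[key.strip()].append((number, value.strip()))
    return {k: v for k, v in seen.items() if len(v) > 1}

def origin_tuple(url):
    """Reduce a URL to (scheme, host, port), filling in the default port."""
    parts = urlsplit(url)
    return parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme]

def xsrf_origins(log_line):
    """Return the (request, origin) tuples reported in an XSRF failure line."""
    m = re.search(r"request: (\S+) , origin: (\S+)", log_line)
    return origin_tuple(m.group(1)), origin_tuple(m.group(2))

if __name__ == "__main__":
    print(duplicate_keys(SAMPLE_PROPERTIES))
    print(xsrf_origins(SAMPLE_LOG))
```

On the sample it reports server.port and server.ssl.enabled as repeated, and shows the request on port 7443 against an origin on the default HTTPS port 443.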
If I add server.additional-connector.1.port=7443 for SSL, Bitbucket doesn't load in a web browser. I'm currently proxying connections via Apache, so maybe there is something not working together as it should. Seeing that I would rather my connections go over SSL, I've even omitted 7990 and only specified 7443 for SSL, but ElasticSearch still fails to start. Based on my Apache config for Bitbucket, and my .properties file, what do you suggest I change? What I have configured below is what is working for the most part, but I still see errors about ElasticSearch failing.
<VirtualHost bitbucket.domain.com:80>
ServerName bitbucket.domain.com
Redirect / https://bitbucket.domain.com/
</VirtualHost>
<VirtualHost bitbucket.domain.com:443>
ServerName bitbucket.domain.com
SSLEngine on
SSLCertificateFile /etc/ca-certificates/bitbuckettestssl.cer
SSLCertificateKeyFile /etc/ca-certificates/bitbuckettestssl.key
SSLCertificateChainFile /etc/ca-certificates/root.crt
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLProxyEngine On
ProxyPass / https://bitbucket.domain.com:7443/
ProxyPassReverse / https://bitbucket.domain.com:7443/
</VirtualHost>
#server.port=7990
server.address=ipAddress
#server.redirect-port=7443
server.ssl.enabled=true
server.port=7443
server.secure=true
server.scheme=https
server.ssl.protocol=TLSv1.2
server.ssl.enabled=true
server.ssl.key-store=/usr/local/java/jre1.8.0_171/lib/security/cacerts
server.ssl.key-store-password=Passw0rd
server.ssl.key-password=Passw0rd
#server.proxy-port=7443
server.proxyName=bitbucket.domain.com
#server.additional-connector.1.ssl.client-auth=want
server.ssl.key-store-type=jks
Hi Michael
Are you attempting to terminate SSL at your proxy or at the Bitbucket level?
We have an example of how to configure an Apache proxy. Please take a look at the documents below:
Proxying and securing Bitbucket Server
Securing your Atlassian applications with Apache using SSL
Migrate server.xml customizations to bitbucket.properties
If you want to add an additional connector, you can add the server.additional-connector.1.port=7990 parameter for example. This way you could also access the application through port 7990 via HTTP.
Regarding Elasticsearch, what is the error that is shown in the logs? You may also want to look at the Troubleshooting Connection Issues for Elasticsearch.
Regards
Rodrigo