Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Bitbucket Push Webhook fails invoking REST endpoint - XSRF check failed

shivaarava
shivaarava March 12, 2018

I created a "Push" webhook in Bitbucket and when I try testing the URL, I come back with this error.

When I test the connection with the details below.  the test fails with "XSRF check failed" message.

However, when I have the REST service deployed on my local tomcat instance, such as - http://localhost:8080/bb_v1/api/webhook/postcommit, the call works.

Failure scenario

URL - http://machinename:7990/rest/v1_4_bb/1.1/webhook/postcommit

Request details

Event type:

Test connection event

URL endpoint:

http://machinename:7990/rest/v1_4_bb/1.1/webhook/postcommit

Headers

X-Request-Id: fd3c22ca-23b3-486a-9ad5-a1f5c5f5b4f1
X-Event-Key: diagnostics:ping

Body

No body

Response details

HTTP status:

403

Headers

X-AREQUESTID: @15H2BMUx691x42x1
Transfer-Encoding: chunked
X-ASEN: SEN-L9863425
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Date: Mon, 12 Mar 2018 15:31:23 GMT
Via: 1.1 localhost (Apache-HttpClient/4.4.1 (cache))
Content-Type: text/html

Body

XSRF check failed

 

 

Answer
Watch
Like Be the first to like this
1012 views

2 answers

0 votes
Rodion Alukhanov
Rodion Alukhanov
Contributor
September 8, 2021

Bitbucket sends the requests. What service receives this request? It it is an Atlassian product like Atlassian Bamboo, the solution is described here:

https://confluence.atlassian.com/cloudkb/xsrf-check-failed-when-calling-cloud-apis-826874382.html

You need to add a additional Header. 

    X-Atlassian-Token: no-check

I would expect BitBucket sets such a header by default. Is it possible, you have some old version or some proxy server in between?

Alternately - in case of Bamboo - you can disable the XSRF protection in Security Settings. 

Reply
0 votes
Rodrigo M
Rodrigo M
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 19, 2018

Hey Shivaarava

 

Usually XSRF check failed errors are related to proxy configuration.

Can you please take a look at the Cross Site Request Forgery (CSRF) protection changes in Atlassian REST and try the resolutions mentioned on that article?

 

Regards!

Rodrigo.

Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.