Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Unable to upgrade addon

Mark Murawski
Mark Murawski
Contributor
November 6, 2017

I'm getting a nondescript error when trying to upgrade an addon:

 

Confluence: 6.5.0

Addon: HTML Elements (From 2.1.0 to 2.4.0)

 

The 'Check the logs' message is not super helpful so far.  The only thing so far I've found in the logs is the following:

 

/var/atlassian/application-data/confluence/logs/atlassian-confluence.log

 

2017-11-06 17:22:03,117 WARN [http-nio-8090-exec-9] [common.security.jersey.XsrfResourceFilter] passesAdditionalBrowserChecks Additional XSRF checks failed for request: http://doc.localnet:443/rest/plugins/1.0/ , origin: null , referrer: https://doc.localnet/plugins/servlet/upm , credentials in request: true , allowed via CORS: false
 -- referer: https://doc.localnet/plugins/servlet/upm | url: /rest/plugins/1.0/ | traceId: 06d53558cba50671 | userName: markm

Also, I think the error I'm having about the base url has something to do with it.  We're using https behind an apache proxy, and have all the correct settings in place in confluence server.xml according to the docs.  And yet there's an internal request to the non https url.  Which might be causing the problem?


 

     <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
                maxThreads="48" minSpareThreads="10"
                enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
                protocol="org.apache.coyote.http11.Http11NioProtocol" proxyName="doc.localnet" proxyPort="443" schema="https" secure="true"/>

 

Edited to add screenshots:

https://i.imgur.com/FEvvtG8.png

https://i.imgur.com/HR5x9UZ.png

 

Also... Upgrades problems with addons (and the base url error) are new.  We didn't have problem ever when running confluence 6.2.1

Answer
Watch
Like Be the first to like this
1175 views

1 answer

1 accepted

0 votes
Answer accepted
AnnWorley
AnnWorley
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 7, 2017

Please see Cross Site Request Forgery (CSRF) protection changes in Atlassian REST

Per the error message you found, Confluence is seeing the request as coming from: http://doc.localnet:443/rest/plugins/1.0/ and the referrer as https://doc.localnet/plugins/servlet/upm. Since the port is different there is a cross site scripting error preventing you from updating the plugin.

I noticed a typo in the server.xml snippet in your description:

schema="https" should be scheme="https"

If that typo is in the actual server.xml it may be causing problems with the proxy support.

View More Comments
Mark Murawski
Mark Murawski
Contributor
November 21, 2017

Thanks!

 

This was the issue.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.