I'm running Jira Server and Confluence Server and am working on creating a custom interface in Confluence to create and update Jira issues. The applications have been linked via app links and as such have been whitelisted with each other accordingly. The authentication appears to be working correctly in that I can successfully issue GET requests to Jira via Confluence using JavaScript when logged in to Confluence. However, when trying to issue POST or PUT requests via AJAX, I get 403 responses with XSRF failures. I've read the existing answers on this forum extensively and have tried including the X-Atlassian-Token and various other techniques mentioned, without success. I see that XSRF changes were made recently (https://confluence.atlassian.com/kb/cross-site-request-forgery-csrf-protection-changes-in-atlassian-rest-779294918.html) and that because the request is coming from a known browser it fails checks, but even when changing the User-Agent on a browser that allows it (just for testing) it fails the same way.
It appears that Jira does not want me to make POST/PUT requests from JavaScript being run in a browser client (even from a Confluence origin that is app linked, whitelisted, and authenticated). So what is the correct "Atlassian Approved" way to handle this task? Do I have to make changes at the server config level or is there a more integrated solution?