XSRF_FAILURE_BAD_TOKEN when trying to perform some actions in Bamboo
Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.
Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
When attempting to start a build Plan or perform other actions in Bamboo, the following error message shows up:
Environment
All Bamboo versions configured with a Proxy/Load Balancer.
Diagnosis
Once the XSRF token validation failed error appears, check the <BAMBOO_HOME>/logs/atlassian-bamboo.log file for details. Below are examples of the messages you may see:
Scheme: https
Server: <BaseURL>
Port: 443
URI: /builds/build/admin/triggerManualBuild.action
Context path: /builds
Servlet path: /build/admin/triggerManualBuild.action
Path info:
Query string: buildKey=<buildkey>
Stack Trace:
java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_BAD_TOKEN).
at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:66)
at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25)
...
2024-02-23 11:41:56,426 WARN [http-nio-8085-exec-25 url: /bamboo/build/admin/restartBuild.action; user: <username>] [BambooXsrfTokenInterceptor] XSRF token validation failed in session:<session-id> due to XSRF_FAILURE_BAD_TOKEN
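The WARN line above carries the pieces needed to tell a single-browser problem from a proxy problem: the URL, the user, the session and the failure reason. The script below, added here as an example and not Atlassian code, parses those lines and reports whether failures are confined to one user or spread across several. The usernames, session ids and the unrelated INFO line in the sample are constructed; the "likely scope" rule is a heuristic of this example, not a Bamboo feature.

```python
"""Triage XSRF failures in atlassian-bamboo.log (added example, not Atlassian code)."""
import re
import sys
from collections import Counter

# One WARN line per failed check, in the shape shown in the Diagnosis section.
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) WARN "
    r"\[(?P<thread>\S+) url: (?P<url>[^;]+); user: (?P<user>[^\]]*)\] "
    r"\[BambooXsrfTokenInterceptor\] XSRF token validation failed "
    r"in session:(?P<session>\S+) due to (?P<reason>XSRF_FAILURE_[A-Z_]+)"
)

# Constructed sample: two users, plus one unrelated line that must be ignored.
SAMPLE_LOG = """\
2024-02-23 11:41:56,426 WARN [http-nio-8085-exec-25 url: /bamboo/build/admin/restartBuild.action; user: alice] [BambooXsrfTokenInterceptor] XSRF token validation failed in session:SESSCONSTRUCTED1 due to XSRF_FAILURE_BAD_TOKEN
2024-02-23 11:42:03,010 INFO [http-nio-8085-exec-26 url: /bamboo/rest/api/latest/info; user: alice] [ConstructedLogger] unrelated constructed line
2024-02-23 11:42:10,118 WARN [http-nio-8085-exec-27 url: /bamboo/build/admin/triggerManualBuild.action; user: alice] [BambooXsrfTokenInterceptor] XSRF token validation failed in session:SESSCONSTRUCTED1 due to XSRF_FAILURE_BAD_TOKEN
2024-02-23 11:45:31,902 WARN [http-nio-8085-exec-31 url: /bamboo/build/admin/restartBuild.action; user: bob] [BambooXsrfTokenInterceptor] XSRF token validation failed in session:SESSCONSTRUCTED2 due to XSRF_FAILURE_BAD_TOKEN
""".splitlines()


def parse_xsrf_failures(lines):
    """Return one dict (ts, thread, url, user, session, reason) per matching line."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def summarize(events):
    """Count failures by reason, user, URL and session."""
    return {
        "total": len(events),
        "by_reason": Counter(e["reason"] for e in events),
        "by_user": Counter(e["user"] for e in events),
        "by_url": Counter(e["url"] for e in events),
        "by_session": Counter(e["session"] for e in events),
    }


def likely_scope(events):
    """Heuristic of this example: several distinct users failing the same check
    points at the request path (proxy/load balancer); one user points at that
    user's browser."""
    if not events:
        return "no XSRF failures"
    users = {e["user"] for e in events}
    if len(users) > 1:
        return "deployment-wide: check proxy/load balancer cookie handling"
    return "single user: check that user's browser, extensions and cookies"


def main(path=None):
    """Summarise a log file, or the constructed sample when no path is given."""
    lines = open(path, encoding="utf-8") if path else SAMPLE_LOG
    events = parse_xsrf_failures(lines)
    stats = summarize(events)
    print(f"{stats['total']} XSRF failures")
    for key in ("by_reason", "by_user", "by_url"):
        for name, count in stats[key].most_common():
            print(f"  {key[3:]:8} {count:4}  {name}")
    print(likely_scope(events))
    if path:
        lines.close()


if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else None)
```

Run it as `python xsrf_triage.py <BAMBOO_HOME>/logs/atlassian-bamboo.log`; with no argument it runs over the constructed sample. Many users and sessions failing on the same URLs is the pattern that points at the Proxy/Load Balancer section below rather than at one person's browser.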
Cause
This error is thrown when the atl_token HTTP request parameter does not match the XSRF token held in the cookie, in other words when the security token associated with the browser session is missing, corrupted, or cannot be read by the client. Because the token travels in a cookie, Proxy/Load Balancer settings that rewrite cookies or headers affect it directly; see the Cross Site Request Forgery (CSRF) documentation for details.
Solution
Browser
- Use Incognito mode (or Private mode) in your browser, log in to Bamboo and check whether the same error appears. Browser extensions or add-ons that modify cookies or headers can cause it, and private mode normally runs without them.
- If you do not see the error appearing in private mode, then do the following to fix it in normal mode:
- Clear your browser cache, cookies and locally stored site data.
- Restart your browser and login to Bamboo.
- Attempt the action that was previously generating the error.
Proxy/Load Balancer
Check your Proxy/Load Balancer configuration for a rule that appends cookie flags to every Set-Cookie header. On Apache httpd (mod_headers) it looks like this:
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
This directive adds the HttpOnly and Secure flags to every cookie in the response, including Bamboo's XSRF token cookie. HttpOnly hides a cookie from client-side script, and Bamboo's browser-side code needs to read that token to submit it with requests, so the token check fails. The Secure flag by itself is harmless when clients reach the proxy over HTTPS. Remove the blanket rule, or restrict it to the cookies that should carry the flags; note that Tomcat, which Bamboo runs on, already marks its own session cookie HttpOnly, so dropping the rule does not expose the session cookie. For other proxy products, check with your Proxy/Load Balancer provider for the equivalent setting.
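To confirm what the proxy is actually sending, fetch a Bamboo page through it and inspect the Set-Cookie headers. The script below is an added example, not Atlassian code: it parses each Set-Cookie header and flags the case this article describes, HttpOnly on the XSRF token cookie. The cookie names it checks (JSESSIONID for Tomcat's session cookie, atlassian.xsrf.token for the XSRF token) and the sample header values are assumptions of this example; the two header sets are constructed to show the response before and after the blanket directive is removed.

```python
"""Audit Set-Cookie headers returned through a proxy in front of Bamboo
(added example, not Atlassian code)."""
import sys
import urllib.request

# Assumed cookie names for a typical Bamboo deployment.
MUST_BE_HTTPONLY = {"JSESSIONID"}              # session cookie: script must not read it
MUST_NOT_BE_HTTPONLY = {"atlassian.xsrf.token"}  # XSRF token: page script must read it

# Constructed: what the misconfigured proxy returns. Tomcat already set HttpOnly on
# JSESSIONID, so the blanket "Header edit" appends it a second time, and it also
# lands on the XSRF token cookie.
PROXY_APPENDED_HEADERS = [
    "JSESSIONID=CONSTRUCTEDSESSION1; Path=/builds; HttpOnly; HttpOnly; Secure",
    "atlassian.xsrf.token=CONSTRUCTEDTOKEN1; Path=/builds; HttpOnly; Secure",
]

# Constructed: the same response once the blanket directive is removed.
CORRECTED_HEADERS = [
    "JSESSIONID=CONSTRUCTEDSESSION1; Path=/builds; HttpOnly; Secure",
    "atlassian.xsrf.token=CONSTRUCTEDTOKEN1; Path=/builds; Secure",
]


def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, value, attributes).

    Flag attributes such as HttpOnly map to True; valued ones keep their value.
    Attribute names are lower-cased because browsers treat them case-insensitively.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for attr in parts[1:]:
        if not attr:
            continue
        key, _, val = attr.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value, attrs


def audit_cookies(set_cookie_headers):
    """Return a list of (cookie_name, finding) tuples; an empty list means no problem."""
    findings = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        httponly = "httponly" in attrs
        secure = "secure" in attrs
        if name in MUST_NOT_BE_HTTPONLY and httponly:
            findings.append((name, "HttpOnly set on the XSRF token cookie: page script "
                                   "cannot read it, expect XSRF_FAILURE_BAD_TOKEN"))
        if name in MUST_BE_HTTPONLY and not httponly:
            findings.append((name, "session cookie is missing HttpOnly"))
        if name in MUST_BE_HTTPONLY and not secure:
            findings.append((name, "session cookie is missing Secure"))
    return findings


def fetch_set_cookie_headers(url):
    """Fetch url through the proxy and return every Set-Cookie header value."""
    with urllib.request.urlopen(url) as resp:
        return resp.headers.get_all("Set-Cookie") or []


def main(url=None):
    headers = fetch_set_cookie_headers(url) if url else PROXY_APPENDED_HEADERS
    for h in headers:
        print("Set-Cookie:", h)
    findings = audit_cookies(headers)
    for name, finding in findings:
        print(f"PROBLEM {name}: {finding}")
    if not findings:
        print("no cookie flag problems found")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1] if len(sys.argv) > 1 else None))
```

Run it as `python cookie_audit.py https://<BaseURL>/builds/` against your own deployment; with no argument it audits the constructed headers and reports the XSRF cookie problem. A clean result here, while the log still shows XSRF_FAILURE_BAD_TOKEN for many users, means the proxy is altering something other than cookie flags and the next thing to compare is the full response header set with and without the proxy in the path.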