A request has been denied as a potential CSRF attack

Symptoms

You are running a version of Confluence later than 3.4.

The following appears in the atlassian-confluence.log:

2012-03-24 14:59:02,248 ERROR [http-8080-14] [org.directwebremoting.dwrp.Batch] error A request has been denied as a potential CSRF attack.
 -- referer: http://confluence.com:8080/pages/editpage.action?pageId=123456 | url: /dwr/call/plaincall/HeartbeatAjax.startActivity.dwr | userName: anonymous

Cause

This relates to some JavaScript in the Confluence editor that was removed in 3.4. Because these files are cached for a long time, browsers holding a cached version of the editor continue to make a heartbeat request back to the Confluence instance. The endpoint no longer functions, so each of these requests triggers this error.

Resolution

Because this is a client-side problem, it is difficult to make a server-level change that affects all clients. This error is harmless and will go away over time, as clients refresh their browsers from time to time. To force the issue, you could instruct all your users to shift-reload while on the edit page screen.
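
To check that the CSRF denials in a given atlassian-confluence.log are only this stale heartbeat request, the following added example (not Atlassian code) counts them separately from denials on any other URL. The sample log is constructed: the Example.method.dwr endpoint, the other.example host, the jdoe user and the INFO line are made-up values, and the script assumes every entry follows the format of the entry shown under Symptoms.

```python
import re
from collections import Counter

# Endpoint and message text taken from the log entry in this article.
HEARTBEAT_URL = "/dwr/call/plaincall/HeartbeatAjax.startActivity.dwr"
CSRF_MARKER = "A request has been denied as a potential CSRF attack"
# Detail format: "-- referer: <referer> | url: <url> | userName: <user>"
DETAIL_RE = re.compile(r"-- referer: (.*?) \| url: (\S+) \| userName: (\S*)")

# Constructed sample log: entries 1 and 3 copy the article's entry; the
# second denial uses a made-up endpoint, host and user for illustration.
SAMPLE_LOG = """\
2012-03-24 14:59:02,248 ERROR [http-8080-14] [org.directwebremoting.dwrp.Batch] error A request has been denied as a potential CSRF attack.
 -- referer: http://confluence.com:8080/pages/editpage.action?pageId=123456 | url: /dwr/call/plaincall/HeartbeatAjax.startActivity.dwr | userName: anonymous
2012-03-24 15:01:10,101 INFO [http-8080-3] [constructed.sample.Logger] unrelated line
2012-03-24 15:02:44,513 ERROR [http-8080-9] [org.directwebremoting.dwrp.Batch] error A request has been denied as a potential CSRF attack.
 -- referer: http://other.example/page.html | url: /dwr/call/plaincall/Example.method.dwr | userName: jdoe
2012-03-24 15:03:02,250 ERROR [http-8080-14] [org.directwebremoting.dwrp.Batch] error A request has been denied as a potential CSRF attack.
 -- referer: http://confluence.com:8080/pages/editpage.action?pageId=123456 | url: /dwr/call/plaincall/HeartbeatAjax.startActivity.dwr | userName: anonymous
"""

def triage_csrf_denials(lines):
    """Return (heartbeat_count, Counter of (url, referer, userName) for all other denials)."""
    lines = [l.rstrip("\n") for l in lines]
    heartbeat, others = 0, Counter()
    for i, line in enumerate(lines):
        if CSRF_MARKER not in line:
            continue
        # The detail may sit on the same line or on the continuation line.
        detail = DETAIL_RE.search(line)
        if not detail and i + 1 < len(lines) and CSRF_MARKER not in lines[i + 1]:
            detail = DETAIL_RE.search(lines[i + 1])
        if detail is None:
            others[("<no detail>", "", "")] += 1  # keep unparsed denials visible
            continue
        referer, url, user = detail.groups()
        if url.split("?", 1)[0] == HEARTBEAT_URL:
            heartbeat += 1  # stale cached editor calling the removed endpoint
        else:
            others[(url, referer, user)] += 1
    return heartbeat, others

if __name__ == "__main__":
    count, others = triage_csrf_denials(SAMPLE_LOG.splitlines())
    print(f"stale editor heartbeat denials: {count}")
    for (url, referer, user), n in others.items():
        print(f"REVIEW {n}x url={url} referer={referer} user={user}")
```

Any entry reported under REVIEW is a CSRF denial on a URL other than the heartbeat endpoint, so this article's explanation does not cover it.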

Last modified on Mar 30, 2016
