After upgrading Confluence, you are unable to create new pages or spaces
Platform Notice: Server and Data Center Only. This article only applies to Atlassian products on the server and data center platforms.
After upgrading Confluence, you find you are unable to create new pages or spaces. The respective dialogs will load forever:
The following may appear in the
2015-10-08 19:59:09,023 WARN [http-nio-8070-exec-5] [common.security.jersey.XsrfResourceFilter] passesAdditionalBrowserChecks Additional XSRF checks failed for request:http://example.com/rest/webResources/1.0/resources , origin: null , referrer: https://example.com/dashboard.action , credentials in request: true , allowed via CORS: false – referer: https://example.com/dashboard.action | url: /rest/webResources/1.0/resources | userName: confadmin
- Is there a HTTP based reverse proxy in place? Common examples are:
- Apache, using
- IIS using Application Request Routing
- nginx (default configuration)
- Apache, using
- Does Confluence have custom HTML?
- If yes, see also : Creating a Page in Firefox Causes the Create Dialog to Wait Indefinitely
When running Confluence behind a reverse proxy, Tomcat must be made aware of the reverse proxy - this ensures that responses from Tomcat have the correct hostname information. During the upgrade of Confluence, the HTTP ports used in
server.xml are migrated, but nothing else is - so the reverse proxy information will have been lost.
From the Upgrading Confluence notes:
During the upgrade the wizard will migrate following from your existing Confluence installation:
- TCP port values in your server.xml file.
- Custom values in your confluence-init.properties (confluence.home property) and setenv.sh / setenv.bat files (CATALINA_OPTS or JAVA_OPTS parameters)
Other configurations or customisations (including any other modifications in the server.xml file) are not migrated during the upgrade and need to be reapplied manually. See below for more information.
As a part of the upgrade process, you should ensure that all changes from the defaults are re-applied to the instance for correct operation.
Ensure that Confluence has been configured to be aware of the reverse proxy. At a minimum, the
proxyPort parameters are required. If using HTTPS, the
scheme="https" parameter should be included as well. These parameters will need to be added to the HTTP connector that is serving requests.
This is the default HTTP connector in Confluence 5.8:
<Connector port="8090" connectionTimeout="20000" redirectPort="8443" maxThreads="200" minSpareThreads="10" enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11NioProtocol" />
If you were configuring this proxy to be used at https://confluence.atlassian.com/ you would configure it like this:
<Connector port="8090" connectionTimeout="20000" redirectPort="8443" maxThreads="200" minSpareThreads="10" enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11NioProtocol" secure="true" proxyName="confluence.atlassian.com" proxyPort="443" scheme="https" />
- Using Apache with mod_proxy
- Integrating Confluence with IIS using ARR
- How to use NGINX to proxy requests for Confluence
- Apache Tomcat Documentation about Reverse Proxy requirements with a HTTP connector
- Cross Site Request Forgery (CSRF) protection changes in Atlassian REST