Searching in Confluence with version 6.14 and higher fails silently on specific browsers

Still need help?

The Atlassian Community is here for you.

Ask the community


Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

Confluence 6.14 and higher versions were shipped with a new, expanded search panel

However, attempting to search in Firefox and Internet Explorer does not seem to work.

Hovering the search bar will give (g, gor /), and entering text will trigger the infinite spinning wheels

The following appears in the atlassian-confluence.log

2019-02-18 17:09:22,192 WARN [http-nio-26141-exec-7] [common.security.jersey.XsrfResourceFilter] passesAdditionalBrowserChecks Additional XSRF checks failed for request: http://localhost:8090/rest/analytics/1.0/publish/bulk , origin: null , referrer: http://mycompany/ , credentials in request: true , allowed via CORS: false
 -- referer: http://mycompany/ | url: /c6141/rest/analytics/1.0/publish/bulk | traceId: 2ddf5db016174aa4 | userName: admin

Diagnosis

The error message shows XSRF (Cross-Site Request Forgery) warnings. This is logged when the request's origin does not match its target. More information about this here: Cross-Site Request Forgery (CSRF) protection changes in Atlassian REST

Confluence may be running behind a proxy, or SSL, or even port forwarding.

Cause

When running Confluence behind a reverse proxy, Tomcat must be made aware of the reverse proxy - this ensures that responses from Tomcat have the correct hostname information. During the upgrade of Confluence, the HTTP ports used in server.xml are migrated, but nothing else is - so the reverse proxy information will have been lost.

From the Upgrading Confluence notes:

During the upgrade the wizard will migrate following from your existing Confluence installation:

  • TCP port values in your server.xml file. 
  • Custom values in your confluence-init.properties (confluence.home property) and setenv.sh / setenv.bat files (CATALINA_OPTS or JAVA_OPTS parameters)
tip/resting Created with Sketch.

Other configurations or customisations (including any other modifications in the server.xml file) are not migrated during the upgrade and need to be reapplied manually. See below for more information.


As a part of the upgrade process, you should ensure that all changes from the defaults are re-applied to the instance for correct operation.

Resolution

Ensure that Confluence has been configured to be aware of the reverse proxy. At a minimum, the proxyName and proxyPort parameters are required. If using HTTPS, the scheme="https" parameter should be included as well. These parameters will need to be added to the HTTP connector that is serving requests.

Example:

This is the default HTTP connector in Confluence 5.8:

<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
	maxThreads="200" minSpareThreads="10"
    enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
    protocol="org.apache.coyote.http11.Http11NioProtocol" />

If you were configuring this proxy to be used at https://mycompany.com/ you would configure it like this:

<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
	maxThreads="200" minSpareThreads="10"
    enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
    protocol="org.apache.coyote.http11.Http11NioProtocol" 
	proxyName="mycompany.com" proxyPort="443" scheme="https" />

Other issues that's caused by XSRF Check Failed:


DescriptionIn confluence 6.14 and above, searching in IE and FF will fail silently, and will give infinite spinning wheels
ProductConfluence

Last modified on Feb 10, 2023

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.