Team Calendars do not load in Firefox and Internet Explorer after Confluence upgrade
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
After upgrading to Confluence 5.10 or above, when users try to access their Calendars through IE or Firefox, all they see if a spinning/loading wheel that loads forever.
The following appears in the atlassian-confluence.log
2016-08-30 18:56:35,235 WARN [http-nio-8080-exec-84] [common.security.jersey.XsrfResourceFilter] passesAdditionalBrowserChecks Additional XSRF checks failed for request: http://confluence.url.com/rest/webResources/1.0/resources , origin: null , referrer: https://confluence.url.com , credentials in request: true , allowed via CORS: false
-- referer: https://confluence.url.com/calendar/spacecalendar.action?spaceKey=DS | url: /rest/webResources/1.0/resources | traceId: 2v30a65498716b7b | userName: charlie@atlassian.comDiagnosis
Environment
- Confluence 5.10+
- Confluence is running behind a proxy or it is accessed by multiple URLs (e.g. an internal and external address)
Cause
Confluence checks that the URL the request comes from matches that of the referrer when loading content or performing any actions. As shown in the log above, the referrer has an HTTPS URL (https://confluence.url.com), while the request comes from an HTTP URL (http://confluence.url.com). In this case, the problem is caused by a misconfigured proxy connector directive in Confluence. The Tomcat configuration is missing the proxyName, proxyPort, and scheme parameters in the <confluence_install>/conf/server.xml file. When the scheme="https" parameter is added to the configuration, Confluence can see that it will be accessed through an HTTPS URL.
For more information, take a look at our article on Cross Site Request Forgery (CSRF) protection changes in Atlassian REST.
Resolution
The request URL should match the URL that your users always use to access Confluence:
- Ensure you've set the base URL properly
- Check that your users are accessing Confluence with the correct base URL
Check if you have configured a context path properly: How to change the Confluence context path
- Follow our article on Cross Site Request Forgery (CSRF) protection changes in Atlassian REST to add the appropriate proxy parameters to your <
confluence_install>/conf/server.xmlfile.