Blank Page or Missing XSRF Token when CSV Import

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the server and data center platforms.


Bulk Create issues from CSV will fail. Users will face a blank screen or hit into "XSRF Security Token Missing" message in the UI and no errors will be thrown in the logs

When making the following actions...

  1. Create a simple CSV file
  2. Import this CSV either via Import issues from CSV or External System Import > CSV
  3. Just map the Summary
  4. Click on the Begin Import button
  5. Users will be redirected to a blank page (or see "XSRF Security Token Missing")

Disabling XSRF using jira.xsrf.enabled=false will have External System Import > CSV hit a blank page as well.



  • JIRA installed on Linux/Unix environment

Diagnostic Steps

2016-10-10 15:00:25,535 http-nio-8080-exec-16 DEBUG IAMADMIN 900x169173x1 b58w5h, /secure/admin/CsvSetupPage.jspa [webwork.action.ActionSupport] Action executed in 0 ms
2016-10-10 15:00:25,537 http-nio-8080-exec-16 ERROR      [webwork.multipart.MultiPartRequestWrapper] null
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(
	at java.lang.reflect.Constructor.newInstance(
	at webwork.multipart.MultiPartRequestWrapper.<init>(
	... 2 filtered
	at javax.servlet.http.HttpServlet.service(
	... 89 filtered
	at java.util.concurrent.ThreadPoolExecutor.runWorker(
	at java.util.concurrent.ThreadPoolExecutor$
	at org.apache.tomcat.util.threads.TaskThread$
Caused by: Directory [/lokasi/jira/work/Catalina/localhost/jiracontextpath] is readonly.
	at http.utils.multipartrequest.MultipartRequest.initParser(
	at http.utils.multipartrequest.MultipartRequest.<init>(
	at http.utils.multipartrequest.ServletMultipartRequest.<init>(
	at webwork.multipart.PellMultiPartRequest.<init>(
	at com.atlassian.jira.web.JiraMultipartRequestWrapper.<init>(
  • Ask for ls -lah /lokasi/jira/work/Catalina/localhost/ and something similar to the following returned which show the user jira do not have full permission 

    jira@testserver:~$ ls -lah /lokasi/jira/work/Catalina/localhost/
    total 0
    drwxrwsr-x 4 jira jiraadmin 37 Jul 28 12:05 .
    drwxrwsr-x 3 jira jiraadmin 22 Jul 25 16:11 ..
    drwxrwsr-x 2 juser   jiraadmin  6 Jul 28 12:05 jiracontextpath


This is caused by the WORK directory of Tomcat is read-only by the user jira that runs JIRA application.  


Ensure the user that is running JIRA have all the permission necessary.

Last modified on Jun 3, 2022

Was this helpful?

Provide feedback about this article
Powered by Confluence and Scroll Viewport.