Creating Project in Jira Throws 'Error creating project, XSRF check failed'

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Symptoms

Administrator can't create new project in JIRA

(Auto-migrated image: description temporarily unavailable)

Diagnosis

  1. Try create project in different web browser without any Add-Ons

  2. Try create project when accesing JIRA directly (eg: bypassing webserver and network tools like SecureEntryServer(WAF))

  3. Try to create project after disabling all User Plugins via Administrations > Manage Add-Ons > Enable Safe Mode and then try to reproduce the ERROR.

  4. Ensure the following tomcat attributes are added in the server.xml when integrating Proxy (SSL) with JIRA server:

    1 scheme="https" proxyName="proxy.atlassian.com" proxyPort="PORT"

    Reference: Cross Site Request Forgery (CSRF) protection changes in Atlassian REST

Cause

Some of the JIRA headers are blocked. For example, X-AREQUESTID, X-ASESSIONID, X-AUSERNAME, X-SITEMESH-OFF, X-Atlassian-Token request headers are blocked in the network configuration

Solution

Resolution

Ensure that all JIRA's header are not blocked

Updated on April 2, 2025
Platform
Data Center only
Product
Jira Software Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community