Upload gets stuck in Assets

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

Atlassian applications allow the use of reverse-proxies within our products, however Atlassian Support does not provide assistance for configuring them. Consequently, Atlassian can not guarantee providing any support for them.

If assistance with configuration is required, please raise a question on Atlassian Community.

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

When uploading files to Assets, like CSV, JSON, and attachments, the upload gets stuck.

Diagnosis

  • The browser development console might show a 404 Error.
  • The atlassian-jira.log shows the following warning message when performing the upload: 
2022-08-29 18:09:49,853+0100 http-nio-8080-exec-251 url: /rest/insight-am/1/assets/OBJ-1001/attachments/upload; user: JIRAUSER WARN JIRAUSER 1089x604511x1 1mqcy3x 62.69.98.44,10.130.10.27,127.0.0.1 /rest/insight-am/1/assets/OBJ-1001/attachments/upload [c.a.p.r.c.security.jersey.XsrfResourceFilter] XSRF checks failed for request: https://example.domain/rest/insight-am/1/assets/OBJ-1001/attachments/upload , origin: https://another-origin.domain , referrer: https://another-origin.domain


Cause

There could be several reasons behind the root cause of this issue. However, there is a high chance that the load balancer/proxy might be causing the issue. We recommend that you verify your load balancer/proxy configurations. 

The server receives requests from the same origin, as the form page is the same origin as the form submission, thus, the XSRF HTTP header matches. However for the XSRF check to succeed, the form token and cookie token sent to the server must match. The problem occurs because modern web browsers (beginning Chrome 80+) do not accept the atlassian.xsrf.cookie initially sent by the server in an iframe as it is treated as cross-site and is therefore rejected. This is because the cookie does not have the Same-Site:None attribute set (see JRASERVER-73212).



Workaround

The following workaround will disable XSRF checks for the Insight add-on file uploads. 

Modify the reverse proxy / load balancer / WAF to add the following header to the request as it makes it's way to the Jira node:

Object Import upload URL:

  • Condition: Method: POST
  • Condition: Request URL: /rest/insight/1.0/file/*
  • Action: Add header: X-Atlassian-Token: no-check

Object attachments upload URL:

  • Condition: Method: POST
  • Condition: Request URL: /rest/insight-am/1/assets/*
  • Action: Add header: X-Atlassian-Token: no-check




Last modified on Feb 16, 2023

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.