XSRF Security Token Missing ERROR while uploading Jira Logo

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

The "XSRF Security Token Missing" ERROR appear in Jira after clicking the Upload Logo in Jira System > Look and Feel > Logo configuration.

(Auto-migrated image: description temporarily unavailable)

Environment

Jira Server and Data Center

Diagnosis

The Jira Access Logs and HAR file is showing HTTP 200 response for the POST request while the expected response is HTTP 302:

1 2 0:0:0:0:0:0:0:1 i651x256x1 admin [26/Jul/2021:10:51:48 +0200] "POST http://localhost:8842/j842/secure/admin/LookAndFeel!uploadLogo.jspa HTTP/1.1" - - - "http://localhost:8842/j842/secure/admin/LookAndFeel!default.jspa" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 Safari/537.36" "35tupz" 0:0:0:0:0:0:0:1 o651x256x1 admin [26/Jul/2021:10:51:49 +0200] "POST http://localhost:8842/j842/secure/admin/LookAndFeel!uploadLogo.jspa HTTP/1.1" 200 0 0.2570 "http://localhost:8842/j842/secure/admin/LookAndFeel!default.jspa" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 Safari/537.36" "35tupz"

The "XSRF Security Token Missing" ERROR does not reveal the root cause of the issue in this case. Therefore, disabling the XSRF security measures directly from <jira-installation>/atlassian-jira/WEB-INF/classes/jpm.xml file helps to reveal the following ERROR in the UI after clicking Upload Logo:

(Auto-migrated image: description temporarily unavailable)

This particular ERROR is caused by missing /temp or /work folder in the root of <jira-installation> directory or if the user running Jira does not have sufficient read and write permission to the folder as discussed in the article below:

Cause

Missing /work folder in the root of <jira-installation> directory or if the user running Jira does not have sufficient read and write permission to the folder as discussed in the article below:

ℹ️ During the Upload Logo process, the Logo file will be place in the /work folder.

Solution

If the /work folder exist in the <jira-installation> directory, check if the user running Jira have sufficient read and write permission on the /work folder.

If the /work folder is missing from the <jira-installation> directory, create the /work folder manually under the root of the <jira-installation> directory (same level as /temp folder):

  1. Shutdown Jira.

  2. Create the work folder manually inside the <jira-installation>/ folder. (same level as /temp folder)

  3. Ensure that the user running Jira have a sufficient read and write permission to the /work folder.

  4. Start Jira.

  5. Verify if the /work folder still exist after restarting Jira. The /work folder should contain /Catalina and other data after the restart.

Updated on April 2, 2025
Platform
Data Center only
Product
Jira Software Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community