Overview
To prevent users being tricked into unintentionally submitting malicious data, Bamboo will in future use XSRF security protection.
XSRF protection will be enabled by default for OnDemand customers on February 17th 2014, and for new customers of the downloadable version starting with Bamboo 5.3.
What is XSRF protection?
XSRF, or cross-site request forgery, is a form of attack on a website that relies upon the site's trust of a user's browser. Malicious commands are issued from a user that the website trusts.
For example, an attacker may email you a link that, when opened in a web browser, makes you inadvertently perform unwanted actions on your service, without the attacker knowing your username and password.
The XSRF security settings enable protection against attack methods in which a malicious person attempts to exploit your trust.
Do I need to test XSRF before it is enabled?
If you are using the REST API through either of the following prefixes:
<host>/<contextPath>/rest/api/latest/
<host>/<contextPath>/rest/api/1.0/
then you do not need to test for XSRF compatibility before protection is enabled by default.
To test for compatibility, file a support ticket to have XSRF enabled early for your instance.
Please do not file support issues to have XSRF enabled if you do not meet the criteria.
How can I fix XSRF related REST problems?
If your usage of the REST API does not work, or you are unsure, add the following header to all your REST calls to disable the XSRF check.
X-Atlassian-Token: no-check
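
One way to attach this header to every REST call made from a script, as an added example (not Atlassian's code). The host bamboo.example.com, the /bamboo context path, the helper names, and the choice to refuse URLs outside the two prefixes listed above are assumptions of this example.

```python
import urllib.request
from urllib.parse import urlsplit

# Header name and value exactly as given on this page.
XSRF_HEADER = ("X-Atlassian-Token", "no-check")

# REST prefixes listed on this page, relative to <host>/<contextPath>.
LISTED_PREFIXES = ("/rest/api/latest/", "/rest/api/1.0/")


def under_listed_prefix(url, context_path=""):
    """Return True if the URL path starts with one of the listed REST prefixes."""
    path = urlsplit(url).path
    base = context_path.rstrip("/")
    return any(path.startswith(base + prefix) for prefix in LISTED_PREFIXES)


def build_rest_request(url, method="GET", data=None, context_path=""):
    """Build (without sending) a REST request that carries the no-check header.

    Assumption of this example: the header is only attached to URLs under the
    listed REST prefixes, so the XSRF check is never skipped for ordinary
    browser-facing pages by accident.
    """
    if not under_listed_prefix(url, context_path):
        raise ValueError("not under a listed REST API prefix: " + url)
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header(*XSRF_HEADER)
    req.add_header("Accept", "application/json")
    return req


if __name__ == "__main__":
    # Constructed sample URL; the request is built and inspected, not sent.
    sample = "https://bamboo.example.com/bamboo/rest/api/latest/plan"
    request = build_rest_request(sample, context_path="/bamboo")
    for name, value in request.header_items():
        print(name + ": " + value)
```

Pass the returned object to urllib.request.urlopen, with whatever authentication your instance requires, to send the call.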