Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
I
I
Ivan Vekov2022-03-16 18:58:16
PHP
Ivan Vekov, 2022-03-16 18:58:16

Why is the Bitbucket Server API not responding, giving XSRF Error?

Hello! We have a Bitbucket Server, and another server from which we want to reach it.

Found some kind of sluggish documentation:
https://docs.atlassian.com/bitbucket-server/rest/7...

Tried one of the examples:

$url = "http://10.77.78.235:7990/rest/api/1.0/projects/HAL/repos/crm-2/branches";

$headers = array(
    'cache-control: max-age=0',
    'upgrade-insecure-requests: 1',
    'user-agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36',
    'sec-fetch-user: ?1',
    'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3',
    'x-compress: null',
    'sec-fetch-site: none',
    'sec-fetch-mode: navigate',
    'accept-encoding: deflate, br',
    'accept-language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7',
    "Content-Type: application/json",
    'X-Atlassian-Token: no-check',
);

$post_data = array (
    "name" => "bar",
    "startPoint" => "52005525378526ac3d5e5bcffc48fc9a82ebca76",
    "message" => "Submit"
);

$ch = curl_init();

curl_setopt($ch, CURLOPT_USERPWD, "myuser:mypassword");
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 0);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_UNRESTRICTED_AUTH, 1);

$output = curl_exec($ch);

curl_close($ch);

echo $output;


Answer:
XSRF check failed

What's the problem? It seems that Atlassian found information on the site that the 'X-Atlassian-Token: no-check' flag in the header should disable the check.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
I
Ivan Vekov, 2022-03-17
@vekov

In general, the problem was in the extra headers, he put spokes in his wheels. A working version will be with the following set:

$headers = array(
    'cache-control: max-age=0',
    'upgrade-insecure-requests: 1',
    'sec-fetch-user: ?1',
    'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3',
    'x-compress: null',
    'sec-fetch-site: none',
    'sec-fetch-mode: navigate',
    'accept-encoding: deflate, br',
    'accept-language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7',
    "Content-Type: application/json",
    'X-Atlassian-Token: no-check',
);

Report
A
Anton Shamanov, 2022-03-17
@SilenceOfWinter

first you need to get a token with REPO_READ rights, see the Authentication section and how OAuth works

Similar questions
M
Matvey Bubenets2017-04-20 04:38:37
How to disable Remote Desktop Licensing? 6Reply
B
Belavor2019-09-24 17:46:58
How to change time zone from server to user? 3Reply
I
ibr_982017-04-24 19:18:51
Why doesn't "MouseEnter" work in visual c#? 2Reply
V
VAZSOFT2019-09-28 20:55:53
Save POST request to TXT? 5Reply
A
Aibot922021-04-09 16:05:43
How to stop "listening" to bot.*_handler? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question