JetBrains / teamcity-azure-active-directory

TeamCity plugin which supports authentication via Microsoft Azure Active Directory
Apache License 2.0

"403 status code due to failed CSRF check" after login #48

Closed chris03 closed 4 years ago

chris03 commented 4 years ago

I get the following error after a successful login:

403 Forbidden: Responding with 403 status code due to failed CSRF check: authenticated POST request is made, but neither tc-csrf-token parameter nor X-TC-CSRF-Token header are provided..
For a temporary workaround, you can set internal property teamcity.csrf.paranoid=false  and provide valid Origin=https://teamcity.my-domain.com header with your request

My guess is that the new CSRF check since version 2020.01 prevents the POST request from passing. See: https://www.jetbrains.com/help/teamcity/upgrade-notes.html#UpgradeNotes-LimitationofCORSsupportforwritingoperations

The only way I can get it to work is to disable CSRF security by setting these internal properties:

teamcity.csrf.paranoid=false
rest.cors.origins=https://login.microsoftonline.com

burnasheva commented 4 years ago

Hi, @chris03! Thank you for reporting it. I've created the bug in our YouTrack. We'll try to fix it ASAP. Please watch/vote it to get all future updates.

Vaccano commented 3 years ago

For others hitting this page, here is an example powershell call to queue a build using the new CORS header:

$bearerToken = "Your Team City API Token Here"
$csrfToken = (Invoke-WebRequest https://TeamCityServerHere/authenticationTest.html?csrf -Headers @{"Authorization" = "Bearer $bearerToken"}).Content
Invoke-WebRequest https://TeamCityServerHere/action.html?add2Queue=Your_Build_Id_Here -Method POST -Headers @{"Authorization" = "Bearer $bearerToken"; "X-TC-CSRF-Token" = "$csrfToken"}

The first line is the API Token generated from the User's Profile page in Team City. The second line makes the call to get the CSRF header needed for the actual call you are going to make. The third line is the actual call you are making. It adds in the CSRF header.
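The same two-step flow (fetch a CSRF token from authenticationTest.html?csrf, then send it as X-TC-CSRF-Token on the write request) as a script with the checks a practitioner would add: the access token is read from an environment variable instead of being pasted into the script, the CSRF response is trimmed and verified non-empty, and a 403 is reported with the server's message instead of being swallowed. This is an added example, not code from the plugin or from anyone in this thread; the server URL, the TEAMCITY_TOKEN variable name and the build configuration id are placeholders.

```powershell
# Added example (not from the plugin or the thread). Queues a TeamCity build
# with the CSRF token TeamCity requires on authenticated POST requests.
param(
    [string]$TeamCityUrl = "https://teamcity.example.com",   # placeholder
    [string]$BuildTypeId = "MyProject_Build"                  # placeholder
)

# Read the access token from the environment so it is not stored in the script
# or left in shell history. TEAMCITY_TOKEN is an assumed variable name.
$bearerToken = $env:TEAMCITY_TOKEN
if (-not $bearerToken) {
    throw "Set TEAMCITY_TOKEN to a TeamCity access token before running this script."
}

$authHeader = @{ "Authorization" = "Bearer $bearerToken" }

# Step 1: ask TeamCity for a CSRF token tied to this authenticated request.
# The endpoint returns the token as plain text; trim any trailing newline.
$csrfResponse = Invoke-WebRequest -UseBasicParsing `
    -Uri "$TeamCityUrl/authenticationTest.html?csrf" `
    -Headers $authHeader
$csrfToken = $csrfResponse.Content.Trim()
if (-not $csrfToken) {
    throw "TeamCity returned an empty CSRF token; check the access token and server URL."
}

# Step 2: send the write request with both the bearer token and the CSRF token.
# Without X-TC-CSRF-Token (or the tc-csrf-token parameter) TeamCity answers 403.
$postHeaders = @{
    "Authorization"   = "Bearer $bearerToken"
    "X-TC-CSRF-Token" = $csrfToken
}
try {
    $response = Invoke-WebRequest -UseBasicParsing `
        -Uri "$TeamCityUrl/action.html?add2Queue=$BuildTypeId" `
        -Method POST `
        -Headers $postHeaders
    Write-Host "Queued $BuildTypeId (HTTP $($response.StatusCode))"
}
catch {
    # A 403 here means the CSRF check still failed: the header was dropped by a
    # proxy, the token is stale, or the request was not authenticated as expected.
    $status = [int]$_.Exception.Response.StatusCode
    Write-Error "TeamCity rejected the request with HTTP ${status}: $($_.ErrorDetails.Message)"
}
```

Run it as `.\Queue-TeamCityBuild.ps1 -TeamCityUrl https://your-server -BuildTypeId Your_Build_Id` after exporting TEAMCITY_TOKEN. Keeping the CSRF check enabled and supplying the token is preferable to the teamcity.csrf.paranoid=false workaround from the error message, since that setting relaxes the protection for every client, not only the script that needs it.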