mohamicorp / stash-jenkins-postreceive-webhook

Webhook used to notify Jenkins when commits are made to Stash

Pull Request 'trigger build' stucks (XSRF Check Failed) #155

Closed mr-const closed 8 years ago

mr-const commented 8 years ago

I've upgraded Stash to Bitbucket 4.0 and the Stash webhook plugin to the Bitbucket webhook. After that, the PR's 'trigger build' is broken. When I create the first PR, trigger build works as expected, but when I press that button after a PR update (i.e. added a new commit), it gets stuck. I checked the button press with a web debugger and got the following POST error:

Request URL:    https://bitbucket.installation.url/git/rest/jenkins/latest/projects/AG/repos/proj-android/triggerJenkins?branches=feature/AAA-122-Branch&sha1=aff48cea08ec953c17b1a732aa1509c9c6de9ba5
Request Method:     POST
Status Code:    HTTP/1.1 403 Forbidden
Request Headers 17:26:32.000
X-Requested-With:   XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Referer:    https://bitbucket.installation.url/git/projects/AG/repos/proj-android/pull-requests/233/overview
Pragma: no-cache
Host:   bitbucket.installation.url
Content-Length: 0
Connection: keep-alive
Cache-Control:  no-cache
Accept-Language:    en-US,en;q=0.5
Accept-Encoding:    gzip, deflate
Accept: */*
Sent Cookie
JSESSIONID: 1AD3CB9B6103669EA9F579CC15B78D44
AJS.conglomerate.cookie:    "|LAST_TEMPLATES_KEY={\"1\":\"DEFAULT\"}"
_ga:    GA1.2.721443465.1421842694
_atl_bitbucket_remember_me: N2U2MWUxOTRmYmYxYzJlMjRlMzFiNjljMjM2NzFiM2VjMWY0YzMxMzoyODgyOGIwMzc5MmJjYTU4ZTJkZTQ0YWQ5ZDk3NmJhZTU2MzY5MjU1
__utmz: 2435749.1423493971.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
__utma: 2435749.721443465.1421842694.1436184975.1438262421.8
Response Headers Δ40ms
x-content-type-options: nosniff
X-AUSERNAME:    username
X-AUSERID:  1
X-ASESSIONID:   zv02u9
X-ASEN: SEN-4559999
X-AREQUESTID:   @8ZZTJCx1044x6720x0
Vary:   Accept-Encoding
Transfer-Encoding:  chunked
Server: nginx/1.4.6 (Ubuntu)
Date:   Tue, 20 Oct 2015 14:24:47 GMT
Content-Type:   text/html
Content-Encoding:   gzip
Connection: keep-alive
Response Body Δ0ms
XSRF check failed

frami commented 8 years ago

We have the same issue. I opened an issue (https://jira.atlassian.com/browse/BSERV-7914) with Atlassian, but they say that the add-on needs to be updated:

If the add-on is making any requests into Bitbucket Server which are not declared to accept a content-type of application/json, then the X-Atlassian-Token: no-check header will need to be set. See https://confluence.atlassian.com/bitbucketserver/how-to-update-your-add-on-779302412.html#Howtoupdateyouradd-on-XSRFProtectionenabledbydefault for more information.

lobermann commented 8 years ago

Can confirm the same issue since yesterday on our system.

dhiller commented 8 years ago

Same here, if we can help, we'd be lucky to provide you with more details.

niick commented 8 years ago

The fix for this should be to change the Content-Type on the POST request to "application/json".

I can see the request is currently using Content-Type: text/html

Since Bitbucket Server 4.0, we have enabled XSRF prevention by default on all REST resources.

More information on this can be found here: https://confluence.atlassian.com/bitbucketserver/how-to-update-your-add-on-779302412.html#Howtoupdateyouradd-on-XSRFProtectionenabledbydefault

Hopefully passing in contentType: "application/json" to the POST method in jenkins-pr-trigger-button.js should set the content-type header for that request.
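
An added example, not part of the thread or of the plugin's code: a simplified model of the rule described in the comments above (a POST passes if it is sent as `application/json` or carries `X-Atlassian-Token: no-check`), run against the captured trigger request and the two corrected forms. The function names and the 200 success status are assumptions; the URL path and parameter values are taken from the capture in the first comment.

```javascript
// Simplified model of the rule quoted in this thread; NOT Bitbucket Server's code.

// HTTP header names are case-insensitive, so look them up that way.
function header(headers, name) {
  const key = Object.keys(headers).find(k => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? undefined : String(headers[key]).trim();
}

// Drop parameters such as "; charset=UTF-8" and compare the bare media type.
function mediaType(value) {
  return value ? value.split(';')[0].trim().toLowerCase() : '';
}

function passesXsrfCheck(request) {
  if (mediaType(header(request.headers, 'Content-Type')) === 'application/json') return true;
  return (header(request.headers, 'X-Atlassian-Token') || '').toLowerCase() === 'no-check';
}

// Modelled response to the trigger POST (200 is an assumed success status).
function respond(request) {
  return passesXsrfCheck(request)
    ? { status: 200, body: '' }
    : { status: 403, body: 'XSRF check failed' };
}

// Build the trigger POST with the path shape seen in the captured request.
function buildTriggerRequest(baseUrl, project, repo, branch, sha1, extraHeaders) {
  const path = `/rest/jenkins/latest/projects/${encodeURIComponent(project)}` +
               `/repos/${encodeURIComponent(repo)}/triggerJenkins`;
  const query = new URLSearchParams({ branches: branch, sha1 }).toString();
  return {
    method: 'POST',
    url: `${baseUrl}${path}?${query}`,
    headers: Object.assign({ 'X-Requested-With': 'XMLHttpRequest' }, extraHeaders),
  };
}

// Values copied from the capture in the first comment.
const args = ['https://bitbucket.installation.url/git', 'AG', 'proj-android',
              'feature/AAA-122-Branch', 'aff48cea08ec953c17b1a732aa1509c9c6de9ba5'];
const asCaptured = buildTriggerRequest(...args, {}); // no Content-Type, as captured
const withJson = buildTriggerRequest(...args, { 'content-type': 'application/json; charset=UTF-8' });
const withToken = buildTriggerRequest(...args, { 'X-Atlassian-Token': 'no-check' });

console.log(respond(asCaptured).status, respond(withJson).status, respond(withToken).status);
```
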

lobermann commented 8 years ago

Is there already a workaround or something to get this going again? Until the official fix is ready.

JonMR commented 8 years ago

I opened PR #162 to fix this. Seems to work in my local testing.

dhiller commented 8 years ago

We tried PR #162, works for us too.

itay commented 8 years ago

We're also stuck with this issue at the moment - it would be great to get a new release.

marianuspotratz commented 8 years ago

I'm also affected by this and would like to add that I'm currently running a snapshot build of #162 just fine. I'd appreciate a release as well, though.

lobermann commented 8 years ago

I would also appreciate it if there were a new release with this PR in it, to have our normal dev workflow back up and running.

hanshuebner commented 8 years ago

Any chance to see this going into a release soon? We have the problem as well.

mikesir87 commented 8 years ago

I'm sorry all that it's taken a while to get this resolved. I've merged the PR, will test locally, and push a new release over the weekend.

itay commented 8 years ago

@mikesir87 any update on pushing a release? I know people here really want us to update the plugin :)

mikesir87 commented 8 years ago

@itay Thanks for checking in and giving a smiley, although I'm sure it's been frustrating waiting for the update. I was hoping to do it earlier, but got caught up with the holidays.

BUT... the release has just been pushed to the Marketplace, so it should be showing up for you shortly. Thanks!

Once it's been confirmed in the deployed version of the code, I'll close this issue.

marianuspotratz commented 8 years ago

I can confirm that it works with version 3.0.1.

1e0ng commented 8 years ago

Thanks @mikesir87. It seems the new version is on the Marketplace, and it works.

mikesir87 commented 8 years ago

You're welcome all! I'm sorry it took so long to get out there.

lobermann commented 8 years ago

I can also confirm it working. Thanks a lot @mikesir87!