I have a webwork1 panel I’m trying to secure with @RequireXsrfCheck. My code is:
public class ProjectAdminPanelAction extends JiraWebActionSupport {
@Override
@RequiresXsrfCheck
public String execute() throws Exception {
....
I try to test it with curl using
curl --location --request POST 'http://localhost:8080/myjira/secure/documentvault/DocumentVaultProjectPanelAction!execute.jspa?projectKey=TEST&atl_token=xx' --header 'Content-Type: application/x-www-form-urlencoded' --header 'Authorization: Basic Y2hhZDpwYXNzd29yZA==' --header 'Cookie: JSESSIONID=DC4F1B7BE2D598C76198317D5FDF06B9'
And it brings back the page. I have tried without the !execute, with both RequireXsrfCheck classes and I still get the same. Same thing happens if I remove the atl_token parameter as well.
I’m using Jira 8.6. What am I missing?
Thanks
Paul