XSRF check failed with jQuery (Jira)

Question

I'm trying to create an issue but it returns the "XSRF check failed" error. I'm using the following code:

$.ajax({ 
   async: true, 
   crossDomain: true, 
   url: 'https://testejiraloupen.atlassian.net/rest/api/2/issue', 
   method: 'POST', 
   headers: { 
      'Authorization': 'Basic ' + btoa('email:pass'), 
      'Content-Type': 'application/json', 
      /*'X-Atlassian-Token': 'nocache',*/ 
      'Access-Control-Allow-Origin': '*', 
      'Access-Control-Alow-Methods': 'POST, GET, PUT, OPTIONS, DELETE', 
      'Access-Control-Max-Age': '3600', 
      'Access-Control-Allow-Headers': 'x-requested-with, content-type' 
   }, 
   processData: false, 
   data: JSON.stringify(issue), 
   success: function(data) { 
      console.log('Issue created. Id >>> ' + data.id); 
   }, error: function(err) { 
      console.log(err); 
   } 
});

Can anyone help me in this case?

Answer 1

It helped for me:

Resolution: Since REST API doesn't require a User-Agent header, removing the header works.

from this knowledge base page

Answer 2

I have used following header for my rest api calls and it worked. X-Atlassian-Token: no-check

Here is another wiki regarding From token handling:https://confluence.atlassian.com/display/JIRA043/Form+Token+Handling?_ga=2.108983109.653657921.1530909405-1000252910.1505150128

Answer 3

It seems to be a known problem by Atlassian, caused by the User Agent sent by your request.

it's in their knowledge base : "REST API calls with a browser User-Agent header may fail CSRF checks", cf https://confluence.atlassian.com/jirakb/rest-api-calls-with-a-browser-user-agent-header-may-fail-csrf-checks-802591455.html

Another discussion thread here : https://community.atlassian.com/t5/Jira-questions/Jira-7-rest-api-XSRF-check-failed-for-post-issue-with/qaq-p/488706 concludes : "Overwrite the User-Agent String with some dummy value, and it will work"