ARTIFACTORY: How to fix the error "CsrfError: No XHR Header"

Author: Ahmad Zeidan
Article number: 000005664
First published: 2023-03-31T13:06:15Z
Last modified: 2025-07-20
Version: 3

Overview

If you are encountering the error message "CsrfError: No XHR Header" in your Artifactory logs, it means that the CSRF (Cross-Site Request Forgery) protection mechanism has blocked a request that lacked the mandatory XHR (XMLHttpRequest) header. Specifically, the URL "/externals/vue-router/dist/vue-router.min.js" has been blocked. This error usually arises when using a reverse proxy in front of Artifactory, and the reverse proxy is running an outdated version of Nginx or Apache that does not support XHR headers.

To address this error, the reverse proxy configuration must be updated to include the X-Requested-With header in the request. The steps for doing so are outlined below:

1. Locate the reverse proxy configuration file and open it in a text editor. Its location depends on the web server you are using: for Nginx it is usually in the "/etc/nginx/conf.d/" directory, and for Apache it is generally in the "/etc/httpd/conf/" directory.

2. Find the location block that proxies requests to Artifactory, then add the following line to that block:

For Nginx:

    proxy_set_header X-Requested-With XMLHttpRequest;

For Apache:

    RequestHeader set X-Requested-With "XMLHttpRequest"

Note: This sets the X-Requested-With header on the request before it is proxied to Artifactory.

3. Save the changes made to the configuration file.

4. Reload the configuration for your web server to apply the changes.

After following these steps, the "CsrfError: No XHR Header" error should be resolved, and requests to Artifactory should no longer be blocked by CSRF protection.
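
To confirm step 2 before reloading, the following check (an added example, not part of the original article or JFrog tooling) lists Nginx location blocks that contain proxy_pass but not the X-Requested-With directive. The sample configuration, its hostname and its upstream addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: report Nginx location blocks that proxy requests but do
# not set X-Requested-With. Reads a config on stdin; exits 1 if any is found.
# Assumes nested locations can be treated as part of the outer block.
check_xhr_header() {
    awk '
    BEGIN { bad = 0 }
    { sub(/#.*/, "") }                          # ignore comments
    !inloc && /^[ \t]*location[ \t]/ {          # start of a location block
        inloc = 1; opened = 0; depth = 0; has_pass = 0; has_hdr = 0
        name = $0
        sub(/^[ \t]*location[ \t]+/, "", name)
        sub(/[ \t]*[{].*/, "", name)
    }
    inloc {
        if ($0 ~ /proxy_pass[ \t]/) has_pass = 1
        if ($0 ~ /proxy_set_header[ \t]+X-Requested-With[ \t]+"?XMLHttpRequest"?[ \t]*;/) has_hdr = 1
        n_open = gsub(/[{]/, "{")
        if (n_open > 0) opened = 1
        depth += n_open - gsub(/[}]/, "}")
        if (opened && depth == 0) {             # block closed: judge it
            if (has_pass && !has_hdr) { print "missing: location " name; bad = 1 }
            inloc = 0
        }
    }
    END { exit bad }
    '
}

# Constructed sample config; hostname and upstream addresses are placeholders.
sample_conf() {
    cat <<'EOF'
server {
    listen 80;
    server_name artifactory.example.com;
    location / {
        proxy_set_header X-Requested-With XMLHttpRequest;
        proxy_pass http://127.0.0.1:8082;
    }
    location /artifactory/ {
        proxy_set_header Host $host;   # header from the article is absent here
        proxy_pass http://127.0.0.1:8081/artifactory/;
    }
}
EOF
}

# Demo run on the sample; for a real file: check_xhr_header < your-file.conf
sample_conf | check_xhr_header || echo "add the header to the locations listed above"
```

Validate the syntax with nginx -t (or apachectl configtest for Apache) before the reload in step 4. The directive applies to every request that passes through the block it is placed in, so keep it inside the Artifactory location rather than at server or http level.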