Attachment upload fails

I am hoping that the way to the solution is simple (but I have currently no clue) because the issue is simple: If I want to upload an image (jpg, just 300kB), I get an error (without further details). I tried on different pages. Xwiki version is 13.1.
How can I locate the reason of the issue?

Thanks for your support

without further details

In the attachment upload UI there is indeed not much room for error reporting, but you might find more information in the application server log. See Logging ( if you are not sure where you find the log.

in the log I see the following warning:
WARN o.x.c.i.DefaultCSRFToken - CSRFToken: Secret token verification failed, token: "null", stored token: ...
I tried to find some hints in the forum and old tickets but did not find a solution.
I am using xwiki with a proxy. I tried already to access directly but the issue was still there.

You sure this gets logged as a reaction to a failing upload ?

I just tried again. The warning is not there until I try to upload. If I try to upload multiple times it’s there once for each time.

Full warning text is:
tomcat9[795]: 2021-03-15 19:06:02,106 [https-openssl-apr-8443-exec-2 - https://localhost:8443/xwiki/upload/Kanu-Touren/Tourvorschl%C3%A4ge/Jagst/WebHome] WARN o.x.c.i.DefaultCSRFToken - CSRFToken: Secret token verification failed, token: "null", stored token: "..:"

So…yes, I would say I am quite sure.

OK very strange then. When you upload an attachment through the UI a special token is sent along with the attachment content to avoid CSRF attacks (where something would use you to upload stuff without you noticing). In seems in your case the token is not sent or not received but hard to tell why without a way to reproduce.

What you could do is enable your browser dev tool and especially the network tool which show the requests. Then upload an attachment and look at the request which has /xwiki/upload/ in it and check if you find a “form_token” at the end of the request content (should start with the actual attachment content, the a xredirect and then the form_token). This will at least tell use if the issue is with sending the token or receiving it.

Just a quick intermediate reply: Last and this week and the weekend are quite busy. I’ll probably check next weekend.

I tried to find it, but did not succeed yet.
Using Firefox I am in this sheet:

That’s what I see when I try to upload:

Am I in the right place?
Where do I find the required information?

This weekend would be great to investigate in the issue. Please let me know where to find the needed information to find the cause of the problem (see my post 24-Mar)

The Network tab need to be open when you upload to get the upload related requests.

Before for and after upload approach there are only these two lines difference:

Maybe I just a hint which could help to find the cause:
I am accessing wiki via
But in the warn message in the log appears https://localhost:8443/xwiki/upload/Admin-Infos/TestSeite

I tried to find already the reason for that but did not succeed.

After a long search I found the reason (but not the final fix yet).
The reason was in my configuration which I tried to adapt according to

If my web.xml contains the and everything works - except the upload.
If remove that the upload works (but the URLs are not shortened).

Does anybody have an idea how I could further narrow down the reason and finally have short URLs and working upload?