Hi Rolands,
I appreciate your patience while I investigated this more with the team.
In doing a deeper dive into this issue, I was able to replicate the exact error you are getting by passing a wrong value for my anti-forgery token (octopus.xsrf.token) in the request to the Octopus Deploy JIRA setup endpoint (https://jiraconnectapp.octopus.com/octopus/setup).
With that being the case, I think everything else within the request is okay (i.e. baseUrl and octopusInstallationId), but something is interfering with / malforming the anti-forgery token.
To me, it still feels like something is intercepting this traffic and interfering with the request, but I can’t think of how to isolate this further - is there any antivirus/anti-malware running on the machines you’ve been trying this request from via JIRA? I ask because I wonder if this software might be improperly flagging the request as it comes through.
I’ll let you know if I think of any other ways to troubleshoot this further, but this is the latest information I have. I’m sorry this isn’t ideal news, but let me know if you discover anything new on your side in reviewing the information above.
Best,
Britton