Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
M
M
Mercury132019-11-19 21:11:07
Jenkins
Mercury13, 2019-11-19 21:11:07

How does CSRF protection work in the new Jenkins?

The client is written in C++ (Qt, cURL) and works like this.
1. Goes to
http://localhost:8080/crumbIssuer/api/xml
2. Parses XML and gets a string

Jenkins-Crumb: 3de9f4007192ee43a96f2f04a0c2a161a03b26d83259c1448c220a5cd43ee766

3. Goes on
http://localhost:8080/job/project/buildWithParameters?token=build

with a POST form (which contains the Mercurial version number) and the above Jenkins-Crumb header.
It worked like this for almost a year. And at this third step, after updating 2.176.1 → 2.190.2, it started to crash with the error “No valid crumb was included in the request”.
Jetty server, BASIC authorization, no HTTPS.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
V
Vitaly Karasik, 2019-11-19
@vitaly_il1

If Jenkins is not open to the outside, then you can simply disable the "Prevent Cross Site Request Forgery" checkbox.

Similar questions
W
web_dev2014-12-24 03:12:27
Javascript continuous integration jenkins vs Grunt - standard practice? 1Reply
A
Anton2017-01-23 14:43:30
Build is not working properly. Who is to blame: Jenkins or the program? 1Reply
S
Stella2015-01-30 14:02:17
Jenkins+Groovy+plugins. Report output. How? 0Reply
D
Dmitry Erokhin2017-02-08 18:58:15
How to force build steps to pass variables to each other in jenkins? 0Reply
A
Antony2019-08-15 12:22:07
How to add global variables inside global variables in Jenkins? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question