Jenkins
Mercury13, 2019-11-19 21:11:07

How does CSRF protection work in the new Jenkins?

The client is written in C++ (Qt, cURL) and works like this.
1. Goes to http://localhost:8080/crumbIssuer/api/xml
2. Parses the XML and gets a string

Jenkins-Crumb: 3de9f4007192ee43a96f2f04a0c2a161a03b26d83259c1448c220a5cd43ee766

3. Goes to http://localhost:8080/job/project/buildWithParameters?token=build

with a POST form (which contains the Mercurial version number) and the Jenkins-Crumb header above.
It worked like this for almost a year. Then, at this third step, after updating 2.176.1 → 2.190.2, it started to fail with the error "No valid crumb was included in the request".
Jetty server, BASIC authorization, no HTTPS.
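
Added example, not code from the question's client or from Jenkins: a Python simulation of the same three-step crumb handshake against a small in-process stand-in for a Jenkins instance whose crumbs are bound to the HTTP session, which is what Jenkins does since the SECURITY-626 fix (2.176.2 / 2.186). The stand-in server (FakeJenkins), its HMAC-based crumb, the JSESSIONID cookie name, the job name and the HG_REV parameter are all constructed for the demo; the XML shape and the error string are the ones Jenkins returns. The client fetches the crumb and posts the build request twice: once reusing the cookie jar from the crumb request, and once with the jar cleared, which is what a client does implicitly when it opens a fresh connection without the session cookie.

```python
"""Session-bound CSRF crumb handshake, simulated end to end (constructed demo)."""
import hashlib
import hmac
import secrets
import threading
import urllib.error
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET
from http.cookiejar import CookieJar
from http.server import BaseHTTPRequestHandler, HTTPServer

SECRET = secrets.token_bytes(32)   # per-server crumb salt (constructed)
CRUMB_FIELD = "Jenkins-Crumb"      # header name Jenkins advertises in crumbRequestField


def crumb_for(session_id: str) -> str:
    """Constructed stand-in for Jenkins' crumb: valid only for one HTTP session."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


class FakeJenkins(BaseHTTPRequestHandler):
    """Minimal stand-in for a Jenkins instance with session-bound crumbs."""

    def _session(self):
        # Returns (session id, is_new). A request without JSESSIONID gets a fresh session.
        for part in self.headers.get("Cookie", "").split(";"):
            name, _, value = part.strip().partition("=")
            if name == "JSESSIONID" and value:
                return value, False
        return secrets.token_hex(8), True

    def do_GET(self):
        if not self.path.startswith("/crumbIssuer/api/xml"):
            self.send_error(404)
            return
        sid, fresh = self._session()
        body = (f"<defaultCrumbIssuer><crumb>{crumb_for(sid)}</crumb>"
                f"<crumbRequestField>{CRUMB_FIELD}</crumbRequestField>"
                f"</defaultCrumbIssuer>").encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/xml")
        if fresh:  # the crumb is only meaningful together with this cookie
            self.send_header("Set-Cookie", f"JSESSIONID={sid}; Path=/; HttpOnly")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_POST(self):
        sid, fresh = self._session()
        self.rfile.read(int(self.headers.get("Content-Length", 0)))  # drain the form body
        if fresh or self.headers.get(CRUMB_FIELD) != crumb_for(sid):
            body, status = b"No valid crumb was included in the request", 403
        else:
            body, status = b"", 201  # Jenkins answers 201 Created for a queued build
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def get_crumb(base, opener):
    """Step 1 and 2: fetch crumbIssuer/api/xml and read the header name and value."""
    with opener.open(f"{base}/crumbIssuer/api/xml") as resp:
        root = ET.fromstring(resp.read())
    return root.findtext("crumbRequestField"), root.findtext("crumb")


def trigger_build(base, opener, field, crumb, params):
    """Step 3: POST the form with the crumb header; returns the HTTP status code."""
    data = urllib.parse.urlencode(params).encode()
    req = urllib.request.Request(
        f"{base}/job/project/buildWithParameters?token=build", data=data, method="POST")
    req.add_header(field, crumb)
    try:
        with opener.open(req) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def run_demo(keep_session: bool) -> int:
    """Runs the handshake against the stand-in; returns the status of the build POST."""
    server = HTTPServer(("127.0.0.1", 0), FakeJenkins)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_address[1]}"
    try:
        jar = CookieJar()  # one jar shared by both requests = one session
        opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))
        field, crumb = get_crumb(base, opener)
        if not keep_session:
            jar.clear()  # drop JSESSIONID: the crumb is now for a session we no longer present
        return trigger_build(base, opener, field, crumb, {"HG_REV": "abc123"})  # constructed param
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print("cookie kept:   ", run_demo(True))    # 201
    print("cookie dropped:", run_demo(False))   # 403, "No valid crumb was included in the request"
```

The point for a client like the one described is that the crumb and the session cookie from the crumbIssuer response have to travel together: a cURL handle that stores the cookie (or reuses the same connection and cookie jar) keeps working after the upgrade, while one that sends only the crumb gets the 403. Authenticating with a Jenkins API token instead of a password is the other supported route, since Jenkins does not require a crumb for API-token requests; both keep the CSRF protection switched on.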

Vitaly Karasik, 2019-11-19
@vitaly_il1

If Jenkins is not open to the outside, then you can simply disable the "Prevent Cross Site Request Forgery" checkbox.
