HTML5 notifier plugin breaks Jenkins with CSRF protection

This issue is archived. You can view it, but you can't modify it. Learn more

XMLWordPrintable

    • Type: Bug
    • Resolution: Fixed
    • Priority: Critical
    • Component/s: core
    • Environment:
      Jenkins 1.454
      HTML5 Notifier Plugin 1.1

      The prototype-1.7.js version included in the plugin replaces code from the patched Prototype included in core Jenkins.

      Result: with notifiers and CSRF protection enabled POSTs fail with 403.
      One easily visible example: trying to disable an installed plugin results in
      Status Code: 403
      Exception: No valid crumb was included in the request
      displayed where the restart button should appear.

            Assignee:
            Unassigned
            Reporter:
            mdp
            Archiver:
            Jenkins Service Account

              Created:
              Updated:
              Resolved:
              Archived: