[JENKINS-13038] HTML5 notifier plugin breaks Jenkins with CSRF protection

Type: Bug
Resolution: Fixed
Priority: Critical
Component/s: core
Labels:
None
Environment:
Jenkins 1.454
HTML5 Notifier Plugin 1.1

Similar Issues:
Powered by SuggestiMate

Show

The prototype-1.7.js version included in the plugin replaces code from the patched Prototype included in core Jenkins.

Result: with notifiers and CSRF protection enabled POSTs fail with 403.
One easily visible example: trying to disable an installed plugin results in
Status Code: 403
Exception: No valid crumb was included in the request
displayed where the restart button should appear.

jieryn added a comment - 2012-04-06 12:15

Prototype 1.7 was included in the base Jenkins install. Is this now a problem on the default install? I don't think this is an html5-notifier-plugin issue anymore..

jieryn added a comment - 2012-04-06 12:15 Prototype 1.7 was included in the base Jenkins install. Is this now a problem on the default install? I don't think this is an html5-notifier-plugin issue anymore..

jieryn added a comment - 2012-04-06 12:25

html5-notifier-plugin:1.2 was released: http://maven.jenkins-ci.org/content/repositories/releases/org/jenkins-ci/plugins/html5-notifier-plugin/1.2/

jieryn added a comment - 2012-04-06 12:25 html5-notifier-plugin:1.2 was released: http://maven.jenkins-ci.org/content/repositories/releases/org/jenkins-ci/plugins/html5-notifier-plugin/1.2/

Assignee:: Unassigned

Reporter:: mdp

Votes:: 2 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2012-03-09 16:09

Updated:: 2012-04-06 12:25

Resolved:: 2012-04-06 12:25

Jenkins

Details

Description

Attachments

Activity

Collapse comment: jieryn added a comment - 2012-04-06 12:15

Expand comment: jieryn added a comment - 2012-04-06 12:15

Collapse comment: jieryn added a comment - 2012-04-06 12:25

Expand comment: jieryn added a comment - 2012-04-06 12:25

People

Dates