Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-13038

HTML5 notifier plugin breaks Jenkins with CSRF protection

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Critical Critical
    • core
    • None
    • Jenkins 1.454
      HTML5 Notifier Plugin 1.1

      The prototype-1.7.js version included in the plugin replaces code from the patched Prototype included in core Jenkins.

      Result: with notifiers and CSRF protection enabled POSTs fail with 403.
      One easily visible example: trying to disable an installed plugin results in
      Status Code: 403
      Exception: No valid crumb was included in the request
      displayed where the restart button should appear.

          [JENKINS-13038] HTML5 notifier plugin breaks Jenkins with CSRF protection

          mdp created issue -
          jieryn made changes -
          Component/s New: core [ 15593 ]
          Component/s Original: html5-notifier [ 15951 ]
          Assignee Original: jieryn [ jieryn ]
          jieryn made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: Open [ 1 ] New: Resolved [ 5 ]
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 143498 ] New: JNJira + In-Review [ 190586 ]

            Unassigned Unassigned
            mdp mdp
            Votes:
            2 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: