Saving global settings causes cross site request forgery option to be disabled

XMLWordPrintable

    • Type: Bug
    • Resolution: Duplicate
    • Priority: Major
    • Component/s: core
    • Environment:
      CentOS 6.3 x86-64
      Jenkins 1.498
      Tomcat 6
      Java 6

      If the "Prevent cross site forgery request exploit" option is selected in the "Configure global" security page and a change is made and saved on the global settings page - the cross site forgery prevention option is deactivated.

      This is causing issues with post-commit hooks that pass the API token as well as the crumb in the HTTP header when making RESTful calls to Jenkins.

            Assignee:
            Dominik Bartholdi
            Reporter:
            Youssuf ElKalay
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: