Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-16495

Saving global settings causes cross site request forgery option to be disabled

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Major Major
    • core
    • CentOS 6.3 x86-64
      Jenkins 1.498
      Tomcat 6
      Java 6

      If the "Prevent cross site forgery request exploit" option is selected in the "Configure global" security page and a change is made and saved on the global settings page - the cross site forgery prevention option is deactivated.

      This is causing issues with post-commit hooks that pass the API token as well as the crumb in the HTTP header when making RESTful calls to Jenkins.

          [JENKINS-16495] Saving global settings causes cross site request forgery option to be disabled

          Youssuf ElKalay created issue -
          Jesse Glick made changes -
          Assignee New: Dominik Bartholdi [ imod ]
          Jesse Glick made changes -
          Priority Original: Minor [ 4 ] New: Major [ 3 ]
          Dominik Bartholdi made changes -
          Assignee Original: Dominik Bartholdi [ imod ] New: Dominik Bartholdi [ domi ]
          Jesse Glick made changes -
          Link New: This issue duplicates JENKINS-17087 [ JENKINS-17087 ]
          Jesse Glick made changes -
          Resolution New: Duplicate [ 3 ]
          Status Original: Open [ 1 ] New: Resolved [ 5 ]
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 147317 ] New: JNJira + In-Review [ 192335 ]

            domi Dominik Bartholdi
            buildscientist Youssuf ElKalay
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: