-
Bug
-
Resolution: Fixed
-
Blocker
-
None
-
Windows Server 2008 R2 SP1
Jenkins 1.502
When I go and enable the Prevent Cross Site Request Forgery exploits setting in the Configure Global Security page and save it everything seems to work fine. If I then go and update settings in the Global Configure System page the Prevent Cross Site Request Forgery Exploits setting is wiped out from the global config.xml file. This is easily seen by the JobConfigHistory plugin.
- is duplicated by
-
JENKINS-16495 Saving global settings causes cross site request forgery option to be disabled
-
- Resolved
-
- is related to
-
JENKINS-14538 Separate "configure tools" page
-
- Resolved
-
I just tested this on a clean (no extra plugins) Jenkins install of 1.504 and it still clears out the CSRF Protection settings whenever I save the /configure settings (Configure System on the Manage Jenkins Page)