Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-21892

Swarm client fails to create slave if CSRF filter is enabled

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • swarm-plugin
    • None

      When having the "Prevent Cross Site Request Forgery exploits" flag enabled, the swarm client fails to create the slave with Failed to create a slave on Jenkins CODE: 403.

      This is the relevant excerpt from the Jenkins server log:

      ←[33mFeb 20, 2014 11:17:08 AM hudson.security.csrf.CrumbFilter doFilter
      WARNING: No valid crumb was included in request for /plugin/swarm/createSlave. Returning 403.
      

          [JENKINS-21892] Swarm client fails to create slave if CSRF filter is enabled

          Simon Kaufmann added a comment - I have proposed a fix here: https://github.com/jenkinsci/swarm-plugin/pull/11

          neiltingley added a comment - - edited

          Patch works for me on latest LTS. (Make sure you use the patched swarm client jar!).

          neiltingley added a comment - - edited Patch works for me on latest LTS. (Make sure you use the patched swarm client jar!).

          Code changed in jenkins
          User: Simon Kaufmann
          Path:
          client/src/main/java/hudson/plugins/swarm/Client.java
          http://jenkins-ci.org/commit/swarm-plugin/5d97fa1679d07e04e1fe93ed2ead77cd06a3ef36
          Log:
          [FIXED JENKINS-21892] Update swarm client to send CSRF token

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Simon Kaufmann Path: client/src/main/java/hudson/plugins/swarm/Client.java http://jenkins-ci.org/commit/swarm-plugin/5d97fa1679d07e04e1fe93ed2ead77cd06a3ef36 Log: [FIXED JENKINS-21892] Update swarm client to send CSRF token

          Should be fixed in version 1.17, please report back if this is not the case.

          Peter Jönsson added a comment - Should be fixed in version 1.17, please report back if this is not the case.

          Torben Knerr added a comment -

          Now it actually breaks if CSRF is disabled in Jenkins.

          See https://issues.jenkins-ci.org/browse/JENKINS-25421

          Torben Knerr added a comment - Now it actually breaks if CSRF is disabled in Jenkins. See https://issues.jenkins-ci.org/browse/JENKINS-25421

            mindjiver Peter Jönsson
            sjka Simon Kaufmann
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: