Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-21892

Swarm client fails to create slave if CSRF filter is enabled

    XMLWordPrintable

Details

    Description

      When having the "Prevent Cross Site Request Forgery exploits" flag enabled, the swarm client fails to create the slave with Failed to create a slave on Jenkins CODE: 403.

      This is the relevant excerpt from the Jenkins server log:

      ←[33mFeb 20, 2014 11:17:08 AM hudson.security.csrf.CrumbFilter doFilter
WARNING: No valid crumb was included in request for /plugin/swarm/createSlave. Returning 403.

      Attachments

        Activity

          Ascending order - Click to sort in descending order
          sjka Simon Kaufmann added a comment -

          I have proposed a fix here: https://github.com/jenkinsci/swarm-plugin/pull/11

          sjka Simon Kaufmann added a comment - I have proposed a fix here: https://github.com/jenkinsci/swarm-plugin/pull/11
          neiltingley neiltingley added a comment - - edited

          Patch works for me on latest LTS. (Make sure you use the patched swarm client jar!).

          neiltingley neiltingley added a comment - - edited Patch works for me on latest LTS. (Make sure you use the patched swarm client jar!).
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Simon Kaufmann
          Path:
          client/src/main/java/hudson/plugins/swarm/Client.java
          http://jenkins-ci.org/commit/swarm-plugin/5d97fa1679d07e04e1fe93ed2ead77cd06a3ef36
          Log:
          [FIXED JENKINS-21892] Update swarm client to send CSRF token

          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Simon Kaufmann Path: client/src/main/java/hudson/plugins/swarm/Client.java http://jenkins-ci.org/commit/swarm-plugin/5d97fa1679d07e04e1fe93ed2ead77cd06a3ef36 Log: [FIXED JENKINS-21892] Update swarm client to send CSRF token
          mindjiver Peter Jönsson added a comment -

          Should be fixed in version 1.17, please report back if this is not the case.

          mindjiver Peter Jönsson added a comment - Should be fixed in version 1.17, please report back if this is not the case.
          tknerr Torben Knerr added a comment -

          Now it actually breaks if CSRF is disabled in Jenkins.

          See https://issues.jenkins-ci.org/browse/JENKINS-25421

          tknerr Torben Knerr added a comment - Now it actually breaks if CSRF is disabled in Jenkins. See https://issues.jenkins-ci.org/browse/JENKINS-25421

          People

            mindjiver Peter Jönsson
            sjka Simon Kaufmann
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: