Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-21892

Swarm client fails to create slave if CSRF filter is enabled

    XMLWordPrintable

Details

    Description

      When having the "Prevent Cross Site Request Forgery exploits" flag enabled, the swarm client fails to create the slave with Failed to create a slave on Jenkins CODE: 403.

      This is the relevant excerpt from the Jenkins server log:

      ←[33mFeb 20, 2014 11:17:08 AM hudson.security.csrf.CrumbFilter doFilter
      WARNING: No valid crumb was included in request for /plugin/swarm/createSlave. Returning 403.
      

      Attachments

        Activity

          sjka Simon Kaufmann created issue -
          sjka Simon Kaufmann added a comment - I have proposed a fix here: https://github.com/jenkinsci/swarm-plugin/pull/11
          neiltingley neiltingley added a comment - - edited

          Patch works for me on latest LTS. (Make sure you use the patched swarm client jar!).

          neiltingley neiltingley added a comment - - edited Patch works for me on latest LTS. (Make sure you use the patched swarm client jar!).

          Code changed in jenkins
          User: Simon Kaufmann
          Path:
          client/src/main/java/hudson/plugins/swarm/Client.java
          http://jenkins-ci.org/commit/swarm-plugin/5d97fa1679d07e04e1fe93ed2ead77cd06a3ef36
          Log:
          [FIXED JENKINS-21892] Update swarm client to send CSRF token

          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Simon Kaufmann Path: client/src/main/java/hudson/plugins/swarm/Client.java http://jenkins-ci.org/commit/swarm-plugin/5d97fa1679d07e04e1fe93ed2ead77cd06a3ef36 Log: [FIXED JENKINS-21892] Update swarm client to send CSRF token
          scm_issue_link SCM/JIRA link daemon made changes -
          Field Original Value New Value
          Resolution Fixed [ 1 ]
          Status Open [ 1 ] Resolved [ 5 ]

          Should be fixed in version 1.17, please report back if this is not the case.

          mindjiver Peter Jönsson added a comment - Should be fixed in version 1.17, please report back if this is not the case.
          mindjiver Peter Jönsson made changes -
          Assignee Kohsuke Kawaguchi [ kohsuke ] Peter Jönsson [ mindjiver ]
          Status Resolved [ 5 ] Closed [ 6 ]
          rtyler R. Tyler Croy made changes -
          Workflow JNJira [ 153893 ] JNJira + In-Review [ 207435 ]
          tknerr Torben Knerr added a comment -

          Now it actually breaks if CSRF is disabled in Jenkins.

          See https://issues.jenkins-ci.org/browse/JENKINS-25421

          tknerr Torben Knerr added a comment - Now it actually breaks if CSRF is disabled in Jenkins. See https://issues.jenkins-ci.org/browse/JENKINS-25421

          People

            mindjiver Peter Jönsson
            sjka Simon Kaufmann
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: