Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-23370

Gitlab web hook fails when Cross Site Request Forgery protection is active

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Blocker Blocker
    • gitlab-hook-plugin
    • None

      When the CSRF protection is set, the web hook requests fail with

      Jun 9, 2014 9:31:58 AM hudson.security.csrf.CrumbFilter doFilter
WARNING: No valid crumb was included in request for /gitlab/notify_commit. Returning 403.

      because the POST request does not use a crumb.

      The plugin should implement a CrumbExclusion like the gitbucket plugin
      (see https://github.com/jenkinsci/gitbucket-plugin/blob/master/src%2Fmain%2Fjava%2Forg%2Fjenkinsci%2Fplugins%2Fgitbucket%2FGitBucketWebHook.java)

            elvanja Vanja Radovanović
            sirot Jean-Christophe Sirot
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: