Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-23370

Gitlab web hook fails when Cross Site Request Forgery protection is active

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      When the CSRF protection is set, the web hook requests fail with

      Jun 9, 2014 9:31:58 AM hudson.security.csrf.CrumbFilter doFilter
      WARNING: No valid crumb was included in request for /gitlab/notify_commit. Returning 403.
      

      because the POST request does not use a crumb.

      The plugin should implement a CrumbExclusion like the gitbucket plugin
      (see https://github.com/jenkinsci/gitbucket-plugin/blob/master/src%2Fmain%2Fjava%2Forg%2Fjenkinsci%2Fplugins%2Fgitbucket%2FGitBucketWebHook.java)

        Attachments

          Activity

          Hide
          elvanja Vanja Radovanović added a comment -

          This has been resolved with issue #30 @ github, see https://github.com/elvanja/jenkins-gitlab-hook-plugin/issues/30

          Show
          elvanja Vanja Radovanović added a comment - This has been resolved with issue #30 @ github, see https://github.com/elvanja/jenkins-gitlab-hook-plugin/issues/30

            People

            Assignee:
            elvanja Vanja Radovanović
            Reporter:
            sirot Jean-Christophe Sirot
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: