Gitlab web hook fails when Cross Site Request Forgery protection is active

XMLWordPrintable

    • Type: Bug
    • Resolution: Fixed
    • Priority: Blocker
    • Component/s: gitlab-hook-plugin
    • None

      When the CSRF protection is set, the web hook requests fail with

      Jun 9, 2014 9:31:58 AM hudson.security.csrf.CrumbFilter doFilter
WARNING: No valid crumb was included in request for /gitlab/notify_commit. Returning 403.

      because the POST request does not use a crumb.

      The plugin should implement a CrumbExclusion like the gitbucket plugin
      (see https://github.com/jenkinsci/gitbucket-plugin/blob/master/src%2Fmain%2Fjava%2Forg%2Fjenkinsci%2Fplugins%2Fgitbucket%2FGitBucketWebHook.java)

            Assignee:
            Vanja Radovanović
            Reporter:
            Jean-Christophe Sirot
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: