Just like similar plugins, (e.g. GitHub and GitLab), the Build Token Root Plugin does not play nice whith CSRF protection enabled.
      The root cause seems to be JENKINS-22474 (documented by Jesse Glick), but until that is fixed, the Build Token Root Plugin should probably add a CrumbExclusion for the URL it is listening on.
      See JENKINS-20140 for a similar issue in the GitHub Plugin, that has been resolved.

          [JENKINS-25637] Add CrumbExclusion for buildByToken URL

          WynX Alucard added a comment -

          Stumbled across this CrumbExclusion today as well. There seems to be no way around disabling CSRF, which I would like to have enabled normally...

          WynX Alucard added a comment - Stumbled across this CrumbExclusion today as well. There seems to be no way around disabling CSRF, which I would like to have enabled normally...

          Jesse Glick added a comment -

          Pull requests with test coverage welcome.

          Jesse Glick added a comment - Pull requests with test coverage welcome.

          Code changed in jenkins
          User: Pedro Algarvio
          Path:
          src/main/java/org/jenkinsci/plugins/build_token_root/BuildRootAction.java
          http://jenkins-ci.org/commit/build-token-root-plugin/a0b99f948fcb5cd12cd8781a81f3d18bd387d131
          Log:
          Exclude the plugin rooth path from requiring crumb

          Refs https://issues.jenkins-ci.org/browse/JENKINS-25637

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Pedro Algarvio Path: src/main/java/org/jenkinsci/plugins/build_token_root/BuildRootAction.java http://jenkins-ci.org/commit/build-token-root-plugin/a0b99f948fcb5cd12cd8781a81f3d18bd387d131 Log: Exclude the plugin rooth path from requiring crumb Refs https://issues.jenkins-ci.org/browse/JENKINS-25637

          Code changed in jenkins
          User: Yoann Dubreuil
          Path:
          src/test/java/org/jenkinsci/plugins/build_token_root/BuildRootActionTest.java
          http://jenkins-ci.org/commit/build-token-root-plugin/a1a621da89fff2a3f2174345bb0aaa1348781f4a
          Log:
          JENKINS-25637 test that a crumb is not required

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Yoann Dubreuil Path: src/test/java/org/jenkinsci/plugins/build_token_root/BuildRootActionTest.java http://jenkins-ci.org/commit/build-token-root-plugin/a1a621da89fff2a3f2174345bb0aaa1348781f4a Log: JENKINS-25637 test that a crumb is not required

          Code changed in jenkins
          User: Jesse Glick
          Path:
          src/main/java/org/jenkinsci/plugins/build_token_root/BuildRootAction.java
          src/test/java/org/jenkinsci/plugins/build_token_root/BuildRootActionTest.java
          http://jenkins-ci.org/commit/build-token-root-plugin/b55500bb117dcd872a03ca2f90aa78b2a085075d
          Log:
          Merge pull request #10 from ydubreuil/JENKINS-25637

          [FIXED JENKINS-25637] don't require a crumb to trigger a build

          Compare: https://github.com/jenkinsci/build-token-root-plugin/compare/1bfbfda0f451...b55500bb117d

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: src/main/java/org/jenkinsci/plugins/build_token_root/BuildRootAction.java src/test/java/org/jenkinsci/plugins/build_token_root/BuildRootActionTest.java http://jenkins-ci.org/commit/build-token-root-plugin/b55500bb117dcd872a03ca2f90aa78b2a085075d Log: Merge pull request #10 from ydubreuil/ JENKINS-25637 [FIXED JENKINS-25637] don't require a crumb to trigger a build Compare: https://github.com/jenkinsci/build-token-root-plugin/compare/1bfbfda0f451...b55500bb117d

          Code changed in jenkins
          User: Yoann Dubreuil
          Path:
          src/test/java/org/jenkinsci/plugins/build_token_root/BuildRootActionTest.java
          http://jenkins-ci.org/commit/build-token-root-plugin/44bea42ec52ab40367b653ad34e4ec567a4ffdc8
          Log:
          JENKINS-25637 Use JenkinsRule.WebClient in the test

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Yoann Dubreuil Path: src/test/java/org/jenkinsci/plugins/build_token_root/BuildRootActionTest.java http://jenkins-ci.org/commit/build-token-root-plugin/44bea42ec52ab40367b653ad34e4ec567a4ffdc8 Log: JENKINS-25637 Use JenkinsRule.WebClient in the test

          Code changed in jenkins
          User: Jesse Glick
          Path:
          src/test/java/org/jenkinsci/plugins/build_token_root/BuildRootActionTest.java
          http://jenkins-ci.org/commit/build-token-root-plugin/1416f31b95cc2919c02003cbd3de6cb3ea0edf8c
          Log:
          Merge pull request #11 from ydubreuil/improve-test

          JENKINS-25637 Use JenkinsRule.WebClient in the test

          Compare: https://github.com/jenkinsci/build-token-root-plugin/compare/b55500bb117d...1416f31b95cc

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: src/test/java/org/jenkinsci/plugins/build_token_root/BuildRootActionTest.java http://jenkins-ci.org/commit/build-token-root-plugin/1416f31b95cc2919c02003cbd3de6cb3ea0edf8c Log: Merge pull request #11 from ydubreuil/improve-test JENKINS-25637 Use JenkinsRule.WebClient in the test Compare: https://github.com/jenkinsci/build-token-root-plugin/compare/b55500bb117d...1416f31b95cc

            jglick Jesse Glick
            kflorian kflorian
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: