-
Bug
-
Resolution: Fixed
-
Major
Just like similar plugins, (e.g. GitHub and GitLab), the Build Token Root Plugin does not play nice whith CSRF protection enabled.
The root cause seems to be JENKINS-22474 (documented by Jesse Glick), but until that is fixed, the Build Token Root Plugin should probably add a CrumbExclusion for the URL it is listening on.
See JENKINS-20140 for a similar issue in the GitHub Plugin, that has been resolved.
- is related to
-
JENKINS-22474 Crumb must be sent with POST requests even when using authentication token
-
- Resolved
-
[JENKINS-25637] Add CrumbExclusion for buildByToken URL
Link |
New:
This issue is related to |
Priority | Original: Minor [ 4 ] | New: Major [ 3 ] |
Resolution | New: Fixed [ 1 ] | |
Status | Original: Open [ 1 ] | New: Resolved [ 5 ] |
Stumbled across this CrumbExclusion today as well. There seems to be no way around disabling CSRF, which I would like to have enabled normally...