Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-25637

Add CrumbExclusion for buildByToken URL

    XMLWordPrintable

Details

    Description

      Just like similar plugins, (e.g. GitHub and GitLab), the Build Token Root Plugin does not play nice whith CSRF protection enabled.
      The root cause seems to be JENKINS-22474 (documented by Jesse Glick), but until that is fixed, the Build Token Root Plugin should probably add a CrumbExclusion for the URL it is listening on.
      See JENKINS-20140 for a similar issue in the GitHub Plugin, that has been resolved.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-22474 Crumb must be sent with POST requests even when using authentication token

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            Ascending order - Click to sort in descending order
            kflorian kflorian created issue -
            wynx WynX Alucard added a comment -

            Stumbled across this CrumbExclusion today as well. There seems to be no way around disabling CSRF, which I would like to have enabled normally...

            wynx WynX Alucard added a comment - Stumbled across this CrumbExclusion today as well. There seems to be no way around disabling CSRF, which I would like to have enabled normally...
            jglick Jesse Glick made changes -
            Field Original Value New Value
            Link This issue is related to JENKINS-22474 [ JENKINS-22474 ]
            jglick Jesse Glick made changes -
            Priority Minor [ 4 ] Major [ 3 ]
            jglick Jesse Glick added a comment -

            Pull requests with test coverage welcome.

            jglick Jesse Glick added a comment - Pull requests with test coverage welcome.
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Pedro Algarvio
            Path:
            src/main/java/org/jenkinsci/plugins/build_token_root/BuildRootAction.java
            http://jenkins-ci.org/commit/build-token-root-plugin/a0b99f948fcb5cd12cd8781a81f3d18bd387d131
            Log:
            Exclude the plugin rooth path from requiring crumb

            Refs https://issues.jenkins-ci.org/browse/JENKINS-25637

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Pedro Algarvio Path: src/main/java/org/jenkinsci/plugins/build_token_root/BuildRootAction.java http://jenkins-ci.org/commit/build-token-root-plugin/a0b99f948fcb5cd12cd8781a81f3d18bd387d131 Log: Exclude the plugin rooth path from requiring crumb Refs https://issues.jenkins-ci.org/browse/JENKINS-25637
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Yoann Dubreuil
            Path:
            src/test/java/org/jenkinsci/plugins/build_token_root/BuildRootActionTest.java
            http://jenkins-ci.org/commit/build-token-root-plugin/a1a621da89fff2a3f2174345bb0aaa1348781f4a
            Log:
            JENKINS-25637 test that a crumb is not required

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Yoann Dubreuil Path: src/test/java/org/jenkinsci/plugins/build_token_root/BuildRootActionTest.java http://jenkins-ci.org/commit/build-token-root-plugin/a1a621da89fff2a3f2174345bb0aaa1348781f4a Log: JENKINS-25637 test that a crumb is not required
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/main/java/org/jenkinsci/plugins/build_token_root/BuildRootAction.java
            src/test/java/org/jenkinsci/plugins/build_token_root/BuildRootActionTest.java
            http://jenkins-ci.org/commit/build-token-root-plugin/b55500bb117dcd872a03ca2f90aa78b2a085075d
            Log:
            Merge pull request #10 from ydubreuil/JENKINS-25637

            [FIXED JENKINS-25637] don't require a crumb to trigger a build

            Compare: https://github.com/jenkinsci/build-token-root-plugin/compare/1bfbfda0f451...b55500bb117d

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: src/main/java/org/jenkinsci/plugins/build_token_root/BuildRootAction.java src/test/java/org/jenkinsci/plugins/build_token_root/BuildRootActionTest.java http://jenkins-ci.org/commit/build-token-root-plugin/b55500bb117dcd872a03ca2f90aa78b2a085075d Log: Merge pull request #10 from ydubreuil/ JENKINS-25637 [FIXED JENKINS-25637] don't require a crumb to trigger a build Compare: https://github.com/jenkinsci/build-token-root-plugin/compare/1bfbfda0f451...b55500bb117d
            scm_issue_link SCM/JIRA link daemon made changes -
            Resolution Fixed [ 1 ]
            Status Open [ 1 ] Resolved [ 5 ]
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Yoann Dubreuil
            Path:
            src/test/java/org/jenkinsci/plugins/build_token_root/BuildRootActionTest.java
            http://jenkins-ci.org/commit/build-token-root-plugin/44bea42ec52ab40367b653ad34e4ec567a4ffdc8
            Log:
            JENKINS-25637 Use JenkinsRule.WebClient in the test

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Yoann Dubreuil Path: src/test/java/org/jenkinsci/plugins/build_token_root/BuildRootActionTest.java http://jenkins-ci.org/commit/build-token-root-plugin/44bea42ec52ab40367b653ad34e4ec567a4ffdc8 Log: JENKINS-25637 Use JenkinsRule.WebClient in the test
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/test/java/org/jenkinsci/plugins/build_token_root/BuildRootActionTest.java
            http://jenkins-ci.org/commit/build-token-root-plugin/1416f31b95cc2919c02003cbd3de6cb3ea0edf8c
            Log:
            Merge pull request #11 from ydubreuil/improve-test

            JENKINS-25637 Use JenkinsRule.WebClient in the test

            Compare: https://github.com/jenkinsci/build-token-root-plugin/compare/b55500bb117d...1416f31b95cc

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: src/test/java/org/jenkinsci/plugins/build_token_root/BuildRootActionTest.java http://jenkins-ci.org/commit/build-token-root-plugin/1416f31b95cc2919c02003cbd3de6cb3ea0edf8c Log: Merge pull request #11 from ydubreuil/improve-test JENKINS-25637 Use JenkinsRule.WebClient in the test Compare: https://github.com/jenkinsci/build-token-root-plugin/compare/b55500bb117d...1416f31b95cc
            rtyler R. Tyler Croy made changes -
            Workflow JNJira [ 159612 ] JNJira + In-Review [ 196139 ]

            People

              jglick Jesse Glick
              kflorian kflorian
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: