-
Bug
-
Resolution: Cannot Reproduce
-
Minor
-
Jenkins 1.625.3
Red Hat Enterprise Linux Server 6.4
Apache HTTP Server 2.2.15
The Jenkins log is filled with these entries every several seconds (each unique crumb repeats every 30 seconds) with the HTML5 Notifier Plugin enabled, running Jenkins behind a proxy:
Jan 07, 2016 11:18:00 AM hudson.security.csrf.CrumbFilter doFilter
WARNING: Found invalid crumb <crumb>. Will check remaining parameters for a valid one...
Jan 07, 2016 11:18:00 AM hudson.security.csrf.CrumbFilter doFilter
WARNING: No valid crumb was included in request for /jenkins/html5-notifier-plugin/list. Returning 403.
It doesn't appear any specific action is required for this to occur, other than an open session.
My Jenkins instance is configured to run behind an Apache proxy, with "Prevent Cross Site Request Forgery exploits" and "Enable proxy compatibility" enabled under global security.
A similar 
issue was recently resolved for the GitHub plugin: https://issues.jenkins-ci.org/browse/JENKINS-10263
[JENKINS-32346] Invalid crumb running behind proxy
Does it specifically only break when running under apache?
I wonder if its just a new version of jenkins, with 1.455 I see ".crumb:0dc70991ba026a73791697d28bdddc24" header in chrome network tool.
Can you give me a HAR or curl from chrome of it not working? I'm thinking its apache stripping the header.
Oh cool. I'll resetup my dev env and try to take a look at it tonight after work