-
Bug
-
Resolution: Fixed
-
Major
-
Jenkins 2.0-rc WAR running on Mac
1) Start jenkins from WAR, giving a JENKINS_HOME directory
2) Install initial plugins and create an admin user (probably not needed), then restart and log in
3) Try to exit jenkins the "right" way by visiting http://localhost:8080/exit
4) Click the "try POST" button
5) See attached 403 error message:
- is duplicated by
-
JENKINS-38954 No valid crumb in doDelete of build
-
- Resolved
-
- is related to
-
JENKINS-47043 Support custom command for Jenkins restart
-
- Closed
-
- links to
(1 links to)
Yes. CSRF protection breaks the 'Use POST' workaround. Looks like it needs to have a GET based UI, like /restart and /safeRestart have.
/safeExit is also affected. I never understood this inconsistency, it's time we clean it up.
Not a 2.0 specific thing, it's just that we default the CSRF option to on in 2.0.