Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-37149

Gogs Webhooks fail if "Prevent Cross Site Request Forgery exploits" is enabled


      Thanks for making a plugin to support the Gogs git self-hosting service!

      When Gogs sends a webhook, it issues a POST request with a bunch of information in JSON format. With "Prevent Cross Site Request Forgery exploits" enabled in Jenkins (which is the default for new installs of Jenkins 2.x), Gogs' webhooks are blocked because they don't have a crumb associated with them.

      Would it be possible to add a CrumbExclusion similar to the one found in the Github plugin ( https://github.com/jenkinsci/github-plugin/commit/5c2a041 )? That would allow us to leave CSRF protection enabled and still get working webhooks.

            sanderv43 sander v
            nrclark Nick Clark
            0 Vote for this issue
            3 Start watching this issue