JENKINS-3854

Crumb breaks ajax request behind proxies.

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major
    • core
    • None
    • Platform: All, OS: All

      Hudson: 1.310-SNAPSHOT (svn trunk)

      I checked "Prevent Cross Site Request Forgery exploits", then ajax requests like
      ajaxBuildQueue returned "HTTP/1.1 430 Forbidden".

      I use a Hudson installation behind some proxies.

      In hudson.security.csrf.DefaultCrumbIssuer L58, "Request#getRemoteAddr()" is
      used to update the MessageDigest, but it will return a different IP behind proxies on each
      request.

            dty Dean Yu
            sogabe sogabe
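
The failure described in the report, reproduced as an added example (not Hudson's DefaultCrumbIssuer code and not part of the original issue): a crumb whose digest includes the address the server sees stops validating when the next request arrives through a different proxy. The class and method names, the SHA-256 choice, the salt, the user names, the addresses and the bindToAddr switch are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class CrumbBehindProxies {
    // Constructed secret; a real issuer would generate and persist its own random salt.
    static final String SALT = "constructed-salt-value";

    // Crumb = hex(SHA-256(user || 0x00 || [remoteAddr] || salt)).
    // bindToAddr=true mirrors the behaviour the report describes.
    static String issue(String user, String remoteAddr, boolean bindToAddr)
            throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(user.getBytes(StandardCharsets.UTF_8));
        md.update((byte) 0); // separator so adjacent fields cannot run together
        if (bindToAddr) {
            md.update(remoteAddr.getBytes(StandardCharsets.UTF_8));
        }
        StringBuilder hex = new StringBuilder();
        for (byte b : md.digest(SALT.getBytes(StandardCharsets.UTF_8))) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Recompute the crumb from the current request and compare without early exit.
    static boolean validate(String crumb, String user, String remoteAddr, boolean bindToAddr)
            throws NoSuchAlgorithmException {
        byte[] expected = issue(user, remoteAddr, bindToAddr).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, crumb.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed addresses: one browser reaching the server through two proxies.
        String proxyA = "192.0.2.10", proxyB = "192.0.2.11";

        String bound = issue("alice", proxyA, true); // page load arrives via proxy A
        System.out.println("bound, same proxy:    " + validate(bound, "alice", proxyA, true));
        System.out.println("bound, other proxy:   " + validate(bound, "alice", proxyB, true));

        String unbound = issue("alice", proxyA, false); // address left out of the digest
        System.out.println("unbound, other proxy: " + validate(unbound, "alice", proxyB, false));
        System.out.println("unbound, other user:  " + validate(unbound, "mallory", proxyB, false));
    }
}
```

Leaving the address out of the digest keeps the crumb tied to the user and the server-side salt, so a crumb issued for one user still fails for another, but it no longer ties the crumb to where the request came from.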