Jenkins / JENKINS-48363

CSRF protection prevents clone from Jenkins userContent.git

      Command line git is unable to clone with http from the userContent.git repository provided by the Jenkins git-usercontent-plugin if CSRF protection is enabled.

      Steps to repeat the problem:

      1. Clone, build, and run the docker instance
         $ git lfs clone https://github.com/MarkEWaite/docker-lfs JENKINS-48363
         $ cd JENKINS-48363
         $ git lfs fetch origin JENKINS-48363
         $ git checkout -b lts-with-plugins-add-csrf JENKINS-48363
         $ docker build -t jenkins:JENKINS-48363 .
         $ docker run -i --rm --publish 8080:8080 jenkins:JENKINS-48363
        
      2. From a command window, attempt to clone the userContent.git repository (will fail)
          $ git clone http://localhost:8080/userContent.git
        
      3. Disable CSRF protection by clearing the checkbox at "Jenkins" - "Configure Global Security" - "Prevent Cross Site Request Forgery exploits", and save that change with the "Save" button
      4. From a command window, attempt to clone the userContent.git repository (will work)
          $ git clone http://localhost:8080/userContent.git
        

      When the clone fails, it reports:

      $ git clone http://localhost:8080/userContent.git
      Cloning into 'userContent'...
      error: RPC failed; HTTP 403 curl 22 The requested URL returned error: 403 No valid crumb was included in the request
      fatal: The remote end hung up unexpectedly
      

      The only workaround I've found is to disable CSRF protection.
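
The `RPC failed; HTTP 403` wording in the error above places the rejection on the POST leg of the smart-HTTP clone rather than on ref discovery. The script below is an added diagnostic sketch, not part of the original report or of Jenkins: it classifies captured `git clone` stderr and, when `JENKINS_GIT_URL` is set, probes both legs with curl. The function names, result labels and the `JENKINS_GIT_URL` variable are hypothetical, and it assumes the crumb message appears in the response status line or body.

```shell
#!/bin/sh
# Added diagnostic sketch, not part of the issue report.
# A smart-HTTP clone sends two kinds of request:
#   GET  <repo>/info/refs?service=git-upload-pack   (ref discovery)
#   POST <repo>/git-upload-pack                     (the "RPC" in git's error)
# Function names and result labels below are hypothetical.

# Classify captured `git clone` stderr by which leg failed and why.
classify_clone_error() {
    case "$1" in
        *"RPC failed; HTTP 403"*"No valid crumb"*) echo "post-rejected-no-crumb" ;;
        *"RPC failed; HTTP 403"*)                  echo "post-forbidden-other" ;;
        *"RPC failed"*)                            echo "post-failed-other" ;;
        *"unable to access"*"error: 403"*)         echo "discovery-forbidden" ;;
        "")                                        echo "no-error" ;;
        *)                                         echo "unclassified" ;;
    esac
}

# Interpret the HTTP status of each leg plus the raw POST response
# (status line, headers and body as written by `curl -i`).
interpret_probe() {
    get_status=$1
    post_status=$2
    post_response=$3
    if [ "$get_status" != 200 ]; then
        echo "discovery-failed:$get_status"
    elif [ "$post_status" = 403 ] &&
         printf '%s' "$post_response" | grep -q 'No valid crumb'; then
        echo "post-rejected-no-crumb"
    elif [ "$post_status" = 403 ]; then
        echo "post-forbidden-other"
    else
        echo "post-not-blocked:$post_status"
    fi
}

# Send one request per leg to a repository URL and interpret the result.
# The POST body is a single flush packet ("0000"); only the status matters.
probe_repo() {
    repo=$1
    response_file=$(mktemp) || return 1
    get_status=$(curl -s -o /dev/null -w '%{http_code}' \
        "$repo/info/refs?service=git-upload-pack")
    post_status=$(curl -s -i -o "$response_file" -w '%{http_code}' \
        -H 'Content-Type: application/x-git-upload-pack-request' \
        --data-binary '0000' "$repo/git-upload-pack")
    interpret_probe "$get_status" "$post_status" "$(cat "$response_file")"
    rm -f "$response_file"
}

# Live probe only on request, e.g.
#   JENKINS_GIT_URL=http://localhost:8080/userContent.git sh probe.sh
if [ -n "${JENKINS_GIT_URL:-}" ]; then
    probe_repo "$JENKINS_GIT_URL"
fi
```
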

          Mark Waite created issue
