Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-55710

Sidebar-Link plugin file upload blocked by CSRF protection

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Minor
    • sidebar-link-plugin
    • Ubuntu 18
      Kubernetes 1.11
      Jenkins version 2.150.1
      sidebar-link-plugin 1.10
      Chrome Version 71.0.3578.98 (Official Build) (64-bit)

    Description

      When on the /configure page when trying to upload a new image to /userContent using the sidebar-link plugin the following error is generated.

      HTTP ERROR 403
      Problem accessing /plugin/sidebar-link/upload. Reason:
      No valid crumb was included in the request
      Powered by Jetty:// 9.4.z-SNAPSHOT

       

      The result of this error is due to CSRF protection in Jenkins 2.x.  The current workaround is for a user to complete the following steps:

      • Visit /configureSecurity page
      • Disable Prevent Cross Site Request Forgery exploits ** temporarily
      • Visit /configure upload the image desired

       

      Attachments

        Issue Links

          relates to

          New Feature - A new feature of the product, which has yet to be developed. JENKINS-8320 Provide upload button for Icons

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          links to

          Web Link PR #36 - Fix icon upload iframe in global config

          Activity

            People

              kon Kalle Niemitalo
              bcherrin Bradley Herrin
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: