Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-62093

Using GitHub Webhooks with Jenkins where CSRF-Protection is enabled

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Cannot Reproduce
    • Icon: Blocker Blocker
    • github-branch-source-plugin, github-plugin
    • None
    • Jenkins Version 2.234
      github-plugin version 1.29.5
      github-branch-source-plugin version 2.7.1

      Hi,
      I have a Jenkins instance set up with CSRF-Protection enabled.
      Whenever I setup a webhook in GitHub, it fails due to 

      Error 403 No valid crumb was included in the request

      I tried everything I could find on the Internet:

      • using the strict crumb issuer with all different settings
      • allowing anonymous read and build access
      • setting up the github-plugin to manage webhooks (does not work, because of the app authentication used)

      I'm also using JCasC for configuration of the Jenkins instance and I don't want to fiddle around with the XML configuration to disable CSRF-Protection to get this working.
      There has to be a way to get this working, right?

      Thanks in advance for any help

            iwilltry Thorsten Klein
            iwilltry Thorsten Klein
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: