JENKINS-63352

Promotion page broken - No valid crumb for Javascript method

      Description

      I'm one of the maintainers of the Artifactory Plugin. We were approached by a user, complaining about an issue after upgrading to version 2.250 of Jenkins. The issue does seem to be related to the upgrade to 2.250 (or a few versions before that), because it all works with 2.215 but fails with 2.250.

      Here's the issue:

      The Artifactory Plugin includes the following script in a jelly file:

      ```
      <script>
        var selectPlugin = document.getElementById("pluginList");
        selectPlugin.onchange = onPluginChange;
        // st:bind exposes the Java object behind this page as a JavaScript proxy
        var buildBind = <st:bind value="${it}"/>;
        var promoteInfoListSize = "${it.PromoteInfoListSize}";
        if (promoteInfoListSize == 1) {
          loadBuild(buildBind, false); // Auto-load
        }
      </script>
      ```

      The loadBuild function corresponds to a method in the java class.

      With version 2.250, this function call started raising this warning:

      WARNING hudson.security.csrf.CrumbFilter#doFilter: No valid crumb was included in request for /$stapler/bound/3f23eab6-0052-48a8-af63-a931a2e39c52/loadBuild by e. Returning 403.

      I added @RequirePOST to the java method, but this does not resolve the issue.

      Here are the links to the javascript and java files:

      https://github.com/jfrog/jenkins-artifactory-plugin/blob/master/src/main/resources/org/jfrog/hudson/release/promotion/UnifiedPromoteBuildAction/form.jelly

      https://github.com/jfrog/jenkins-artifactory-plugin/blob/master/src/main/java/org/jfrog/hudson/release/promotion/UnifiedPromoteBuildAction.java

      I couldn't find a solution to this issue - your help with this will be greatly appreciated!

          Activity

          eyalb Eyal Ben Moshe added a comment -

          Jenkins Team - Anything changed in version 2.250 that can cause this?

          Your help will be greatly appreciated!

          eyalb Eyal Ben Moshe added a comment -

          I narrowed down the problem a bit. The issue does not seem to be affecting jelly files that are related to jobs, but only forms (see the links in the description).

          I wish someone from the team would help or at least share a hint as to this breaking change in version 2.250.

          I'm attempting to re-engineer the whole promotion flow referenced in the files in the description.

          eyalb Eyal Ben Moshe added a comment -

          I created this PR which fixes the issue - https://github.com/jfrog/jenkins-artifactory-plugin/pull/317

          If anyone would like to review or provide some feedback for it, I'd really appreciate it. If anyone has some information about the changes added around version 2.250 that caused this, that would also be great.


            People

            Assignee:
            eyalbe Eyal Ben Moshe
            Reporter:
            eyalb Eyal Ben Moshe