  2. JENKINS-63352

Promotion page broken - No valid crumb for Javascript method

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Blocker
    • artifactory-plugin
    • None

      I'm one of the maintainers of the Artifactory Plugin. We were approached by a user, complaining about an issue after upgrading to version 2.250 of Jenkins. The issue does seem to be related to the upgrade to 2.250 (or a few versions before that), because it all works with 2.215 but fails with 2.250.

      Here's the issue:

      The Artifactory Plugin includes the following script in a jelly file:

      ```
      <script>
          var selectPlugin = document.getElementById("pluginList");
          selectPlugin.onchange = onPluginChange;
          var buildBind = <st:bind value="${it}"/>;
          var promoteInfoListSize = "${it.PromoteInfoListSize}";
          if (promoteInfoListSize == 1) {
              loadBuild(buildBind, false); // Auto-load
          }
      </script>
      ```

      The loadBuild function corresponds to a method in the Java class.

      With version 2.250, this function call started raising this warning:

      WARNING hudson.security.csrf.CrumbFilter#doFilter: No valid crumb was included in request for /$stapler/bound/3f23eab6-0052-48a8-af63-a931a2e39c52/loadBuild by e. Returning 403.

      I added @RequirePOST to the Java method, but this does not resolve the issue.

      Here are the links to the JavaScript and Java files:

      https://github.com/jfrog/jenkins-artifactory-plugin/blob/master/src/main/resources/org/jfrog/hudson/release/promotion/UnifiedPromoteBuildAction/form.jelly

      https://github.com/jfrog/jenkins-artifactory-plugin/blob/master/src/main/java/org/jfrog/hudson/release/promotion/UnifiedPromoteBuildAction.java

      I couldn't find a solution to this issue - your help with this will be greatly appreciated!
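For triaging the CrumbFilter warning quoted in the description, the following added example (not part of the original report or of the plugin's code) parses Jenkins log lines of that shape and counts 403 rejections per endpoint. The function names and every sample line except the first are constructed for illustration, and the assumption is that the id segment after `/$stapler/bound/` differs between bound objects, so it is dropped when grouping.

```python
import re
from collections import Counter

# Shape of the warning quoted in the report:
#   ... CrumbFilter#doFilter: No valid crumb was included in request
#   for <path> by <user>. Returning 403.
CRUMB_WARNING = re.compile(
    r"hudson\.security\.csrf\.CrumbFilter#doFilter: "
    r"No valid crumb was included in request for (?P<path>\S+) "
    r"by (?P<user>.+?)\. Returning 403\."
)
# Calls made through an <st:bind> proxy: /$stapler/bound/<id>/<method>
BOUND_CALL = re.compile(
    r"^/\$stapler/bound/(?P<object_id>[0-9a-fA-F-]{36})/(?P<method>\w+)$"
)


def parse_crumb_rejections(lines):
    """Return one dict per CrumbFilter rejection found in the log lines."""
    hits = []
    for line in lines:
        m = CRUMB_WARNING.search(line)
        if not m:
            continue  # not a crumb rejection
        bound = BOUND_CALL.match(m.group("path"))
        hits.append({
            "path": m.group("path"),
            "user": m.group("user"),
            "bound_method": bound.group("method") if bound else None,
        })
    return hits


def summarize(hits):
    """Count rejections per endpoint, ignoring the bound-object id."""
    counts = Counter()
    for h in hits:
        key = f"bound:{h['bound_method']}" if h["bound_method"] else h["path"]
        counts[key] += 1
    return counts


# Sample log. Line 1 is the warning from the report; the rest are constructed.
PREFIX = "WARNING hudson.security.csrf.CrumbFilter#doFilter: No valid crumb was included in request for "
SAMPLE_LOG = [
    PREFIX + "/$stapler/bound/3f23eab6-0052-48a8-af63-a931a2e39c52/loadBuild by e. Returning 403.",
    PREFIX + "/$stapler/bound/11111111-2222-3333-4444-555555555555/loadBuild by alice. Returning 403.",
    PREFIX + "/job/demo/build by bob. Returning 403.",
    "INFO example.Constructed#line: unrelated message",
]

if __name__ == "__main__":
    for endpoint, n in summarize(parse_crumb_rejections(SAMPLE_LOG)).most_common():
        print(n, endpoint)
```

A count concentrated on a single `bound:<method>` key after an upgrade points at one page's JavaScript proxy call rather than at crumb handling in general.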


          Eyal Ben Moshe added a comment:

          Jenkins Team - Anything changed in version 2.250 that can cause this?

          Your help will be greatly appreciated!

          Eyal Ben Moshe added a comment:

          I narrowed down the problem a bit. The issue does not seem to be affecting jelly files that are related to jobs, but only forms (see the links in the description).

          I wish someone from the team would help or at least share a hint as to this breaking change in version 2.250.

          I'm attempting to re-engineer the whole promotion flow referenced in the files in the description.

          Eyal Ben Moshe added a comment:

          I created this PR which fixes the issue - https://github.com/jfrog/jenkins-artifactory-plugin/pull/317

          If anyone would like to review or provide some feedback for it, I'd really appreciate it. If anyone has some information about the changes added around version 2.250 that caused this, that would also be great.

            eyalbe Eyal Ben Moshe
            eyalb Eyal Ben Moshe