Details
-
Bug
-
Status: Open (View Workflow)
-
Blocker
-
Resolution: Unresolved
-
Jenkins: 2.254
Plugins:
<groupId>io.jenkins.plugins</groupId>
<artifactId>jquery3-api</artifactId>
<version>3.5.1-1</version>
Description
The following code results in a 403 - No valid crumb was included in the request when the page is loaded.
public class MyLink implements RootAction { @JavaScriptMethod public void setUserId(final String value) { userId = value; } <st:bind var="instance" value="${it}"/> instance.setUserId($('#userId')
org/kohsuke/stapler/bind.js has the following:
if(window.jQuery === window.$) { //Is jQuery the active framework? $.ajax({ type: "POST", url: url+methodName, data: stringify(a), contentType: 'application/x-stapler-method-invocation;charset=UTF-8', headers: {'Crumb':crumb}, dataType: "json", success: function(data, textStatus, jqXHR) { if (callback!=null) { var t = {}; t.responseObject = function() { return data; }; callback(t); } } }); } else { //Assume prototype should work new Ajax.Request(url+methodName, { method: 'post', requestHeaders: {'Content-type':'application/x-stapler-method-invocation;charset=UTF-8','Crumb':crumb}, postBody: stringify(a), onSuccess: function(t) { if (callback!=null) { t.responseObject = function() { return eval('('+this.responseText+')'); }; callback(t); } } }); }
And prototype.js has patch forAjax.Request to add `Jenkins-Crumb` to the request
// KK patch -- handle crumb for POST automatically by adding a header if(this.options.method=="post") { if(this.options.requestHeaders==undefined) this.options.requestHeaders = {}; crumb.wrap(this.options.requestHeaders); } // KK patch until here
Nothing for patching JQuery as far as I can tell.
Seems a bit disjointed and would be better solved binding to the value returned from `SystemProperties.getString("hudson.security.csrf.requestfield", CrumbIssuer.DEFAULT_CRUMB_NAME)`
Attachments
Activity
Shaun Thompson
added a comment - That was it as it looks like it was bound differently this time. I'll have to track it back to see where the difference lies.
Was this referenced anywhere and I just missed it?
Thanks
Shaun Thompson
added a comment - That was it as it looks like it was bound differently this time. I'll have to track it back to see where the difference lies.
Was this referenced anywhere and I just missed it?
Thanks No, this is not referenced anywhere. I never noticed that it is even possible to use the jQuery path in Stapler bind. So this never worked before with Stapler in Jenkins. I'm not sure what would be a good place to document that behavior.
Shaun Thompson
added a comment - Ok good to know it wasn't just a matter of reading the doc. 1/2 the time I spend in creating a custom Jenkins plugin with any type of advanced behavior I feel like I'm treading into the unknown.
Shaun Thompson
added a comment - Ok good to know it wasn't just a matter of reading the doc. 1/2 the time I spend in creating a custom Jenkins plugin with any type of advanced behavior I feel like I'm treading into the unknown. Potential culprit: https://github.com/jenkinsci/jenkins/pull/4741/
You need to move the bind tag inside of the layout tag. Typically I place it at the bottom before the JS code:
https://github.com/jenkinsci/warnings-ng-plugin/blob/master/plugin/src/main/resources/io/jenkins/plugins/analysis/core/model/IssuesDetail/index.jelly