Details
-
Bug
-
Resolution: Unresolved
-
Blocker
-
Jenkins: 2.254
Plugins:
<groupId>io.jenkins.plugins</groupId>
<artifactId>jquery3-api</artifactId>
<version>3.5.1-1</version>
Description
The following code results in a 403 - No valid crumb was included in the request when the page is loaded.
public class MyLink implements RootAction { @JavaScriptMethod public void setUserId(final String value) { userId = value; } <st:bind var="instance" value="${it}"/> instance.setUserId($('#userId')
org/kohsuke/stapler/bind.js has the following:
if(window.jQuery === window.$) { //Is jQuery the active framework? $.ajax({ type: "POST", url: url+methodName, data: stringify(a), contentType: 'application/x-stapler-method-invocation;charset=UTF-8', headers: {'Crumb':crumb}, dataType: "json", success: function(data, textStatus, jqXHR) { if (callback!=null) { var t = {}; t.responseObject = function() { return data; }; callback(t); } } }); } else { //Assume prototype should work new Ajax.Request(url+methodName, { method: 'post', requestHeaders: {'Content-type':'application/x-stapler-method-invocation;charset=UTF-8','Crumb':crumb}, postBody: stringify(a), onSuccess: function(t) { if (callback!=null) { t.responseObject = function() { return eval('('+this.responseText+')'); }; callback(t); } } }); }
And prototype.js has patch forAjax.Request to add `Jenkins-Crumb` to the request
// KK patch -- handle crumb for POST automatically by adding a header if(this.options.method=="post") { if(this.options.requestHeaders==undefined) this.options.requestHeaders = {}; crumb.wrap(this.options.requestHeaders); } // KK patch until here
Nothing for patching JQuery as far as I can tell.
Seems a bit disjointed and would be better solved binding to the value returned from `SystemProperties.getString("hudson.security.csrf.requestfield", CrumbIssuer.DEFAULT_CRUMB_NAME)`
