Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-7518

CLONE -Crumb breaks ajax request behind proxies. -- Still broken behind nginx proxies

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Major Major
    • core
    • None
    • Platform: All, OS: All

      Hudson: 1.310-SNAPSHOT (svn trunk)

      I checked "Prevent Cross Site Request Forgery exploits", then ajax request like
      ajaxBuildQueue returned "HTTP/1.1 430 Forbidden".

      I use Hudson installation behind some proxies.

      In hudson.security.csrf.DefaultCrumbIssuer L58, "Request#getRemoteAddr()" is
      used to update MessageDigest. but it will return diffrent IP behind proxies each
      request.

            dty Dean Yu
            cap10morgan cap10morgan
            Votes:
            2 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: