-
Bug
-
Resolution: Duplicate
-
Major
-
None
-
Platform: All, OS: All
Hudson: 1.310-SNAPSHOT (svn trunk)
I checked "Prevent Cross Site Request Forgery exploits", then ajax request like
ajaxBuildQueue returned "HTTP/1.1 430 Forbidden".
I use Hudson installation behind some proxies.
In hudson.security.csrf.DefaultCrumbIssuer L58, "Request#getRemoteAddr()" is
used to update MessageDigest. but it will return diffrent IP behind proxies each
request.
- is related to
-
JENKINS-12875 "No valid crumb was included in the request" errors all around
-
- Resolved
-
-
JENKINS-3854 Crumb breaks ajax request behind proxies.
-
- Closed
-
I didn't immediately see any way to edit / comment on the cloned issue. Sorry.
This was on version 1.377, the latest version of Hudson as of 9/20/2010.
All ajax requests get a 403 response. When I turn off the cross-site request forgery feature, they work again.