CLONE -Crumb breaks ajax request behind proxies. -- Still broken behind nginx proxies

This issue is archived.

      Hudson: 1.310-SNAPSHOT (svn trunk)

      I checked "Prevent Cross Site Request Forgery exploits", then ajax requests like
      ajaxBuildQueue returned "HTTP/1.1 430 Forbidden".

      I use a Hudson installation behind some proxies.

      In hudson.security.csrf.DefaultCrumbIssuer L58, "Request#getRemoteAddr()" is
      used to update the MessageDigest, but it will return a different IP behind proxies
      on each request.

            Assignee:
            Dean Yu
            Reporter:
            cap10morgan
            Archiver:
            Jenkins Service Account
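
The failure described in the report, reproduced outside Hudson as an added example (not the project's code and not posted by the reporter). It compares a crumb digest that covers the direct peer address with one that covers the forwarded client address and one that leaves the address out. The salt, user name, proxy addresses and the `clientId` helper are constructed for illustration, and it assumes the proxies append the browser address to `X-Forwarded-For`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Set;

// Added illustration: a standalone sketch, not Hudson's DefaultCrumbIssuer.
public class CrumbBehindProxy {
    static final String SALT = "constructed-salt";                       // constructed
    static final Set<String> PROXIES = Set.of("10.0.0.11", "10.0.0.12"); // constructed

    // Crumb = SHA-256(user ";" clientId salt); a null clientId leaves the address out.
    static byte[] crumb(String user, String clientId) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(user.getBytes(StandardCharsets.UTF_8));
        md.update((byte) ';');
        if (clientId != null) md.update(clientId.getBytes(StandardCharsets.UTF_8));
        return md.digest(SALT.getBytes(StandardCharsets.UTF_8));
    }

    // Hypothetical helper: walk X-Forwarded-For from the right and return the first
    // hop that is not one of our own proxies. The header is honoured only when the
    // direct peer is a known proxy, so a client cannot pick its own address.
    static String clientId(String remoteAddr, String xForwardedFor) {
        if (xForwardedFor == null || !PROXIES.contains(remoteAddr)) return remoteAddr;
        String[] hops = xForwardedFor.split(",");
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (!hop.isEmpty() && !PROXIES.contains(hop)) return hop;
        }
        return remoteAddr;
    }

    public static void main(String[] args) throws Exception {
        String xff = "203.0.113.7"; // browser address as appended by the proxy (constructed)
        // The page load arrives through one proxy node, the ajax call through the other.
        String issuedPeer = "10.0.0.11", ajaxPeer = "10.0.0.12";

        // Behaviour from the report: the digest covers getRemoteAddr(), i.e. the proxy.
        boolean byPeer = MessageDigest.isEqual(crumb("alice", issuedPeer), crumb("alice", ajaxPeer));
        // Digest over the forwarded client address instead.
        boolean byClient = MessageDigest.isEqual(
                crumb("alice", clientId(issuedPeer, xff)), crumb("alice", clientId(ajaxPeer, xff)));
        // Digest with the address left out entirely.
        boolean noAddr = MessageDigest.isEqual(crumb("alice", null), crumb("alice", null));

        System.out.println("remote address in crumb:   valid=" + byPeer);
        System.out.println("forwarded client in crumb: valid=" + byClient);
        System.out.println("address excluded:          valid=" + noAddr);
    }
}
```

Only the first comparison fails, which matches the rejected ajax request in the report: the crumb issued with the page was bound to one proxy's address and checked against another's.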
