-
Bug
-
Resolution: Duplicate
-
Major
-
None
-
Platform: All, OS: All
Hudson: 1.310-SNAPSHOT (svn trunk)
I checked "Prevent Cross Site Request Forgery exploits", then ajax request like
ajaxBuildQueue returned "HTTP/1.1 430 Forbidden".
I use Hudson installation behind some proxies.
In hudson.security.csrf.DefaultCrumbIssuer L58, "Request#getRemoteAddr()" is
used to update MessageDigest. but it will return diffrent IP behind proxies each
request.
- is related to
-
JENKINS-12875 "No valid crumb was included in the request" errors all around
-
- Resolved
-
-
JENKINS-3854 Crumb breaks ajax request behind proxies.
-
- Closed
-
[JENKINS-7518] CLONE -Crumb breaks ajax request behind proxies. -- Still broken behind nginx proxies
Fix Version/s | New: current [ 10162 ] | |
Resolution | New: Fixed [ 1 ] | |
Status | Original: Open [ 1 ] | New: Resolved [ 5 ] |
Resolution | Original: Fixed [ 1 ] | |
Status | Original: Resolved [ 5 ] | New: Reopened [ 4 ] |
Link |
New:
This issue is related to |
It looks like you've cloned this issue from
JENKINS-3854, but you've failed to include what version of Hudson you're seeing this with. As mentioned in the other issue, Hudson 1.313 included a fix for the original report.