
CLONE -Crumb breaks ajax request behind proxies. -- Still broken behind nginx proxies

    • Type: Bug
    • Resolution: Duplicate
    • Priority: Major
    • core
    • None
    • Platform: All, OS: All

      Hudson: 1.310-SNAPSHOT (svn trunk)

      I checked "Prevent Cross Site Request Forgery exploits", then ajax requests like
      ajaxBuildQueue returned "HTTP/1.1 430 Forbidden".

      I use Hudson installation behind some proxies.

      In hudson.security.csrf.DefaultCrumbIssuer L58, "Request#getRemoteAddr()" is
      used to update MessageDigest, but it will return a different IP behind proxies
      on each request.
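The failure described in the report, as an added example that is not Jenkins/Hudson source code: a simplified model of a crumb whose digest includes the remote address, validated when the issuing request and the ajax request arrive through different proxy hops. The class and method names, the salt, the user name, the `bindToAddr` switch and the IP addresses are all constructed for illustration, and the `user` input is an assumption, since the report only mentions the remote address (requires Java 17 for `HexFormat`).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;

// Simplified model of an address-bound CSRF crumb; not Jenkins/Hudson source code.
public class CrumbProxyDemo {
    static final String SALT = "constructed-salt"; // constructed sample value

    // Crumb = hex(SHA-256(user || [remoteAddr] || salt)).
    // bindToAddr is a hypothetical switch that leaves the address out of the digest.
    static String issueCrumb(String user, String remoteAddr, boolean bindToAddr) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            md.update(user.getBytes(StandardCharsets.UTF_8));
            if (bindToAddr) {
                md.update(remoteAddr.getBytes(StandardCharsets.UTF_8));
            }
            byte[] digest = md.digest(SALT.getBytes(StandardCharsets.UTF_8));
            return HexFormat.of().formatHex(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    // Recompute the crumb from the current request and compare in constant time.
    static boolean validate(String presented, String user, String remoteAddr,
                            boolean bindToAddr) {
        byte[] expected = issueCrumb(user, remoteAddr, bindToAddr)
                .getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected,
                presented.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed scenario: the server sees a different proxy address
        // on the page load than on the follow-up ajax request.
        String pageLoadAddr = "10.0.0.11";
        String ajaxAddr = "10.0.0.12";
        for (boolean bind : new boolean[] {true, false}) {
            String crumb = issueCrumb("alice", pageLoadAddr, bind);
            System.out.printf("bindToAddr=%b sameHop=%b otherHop=%b%n", bind,
                    validate(crumb, "alice", pageLoadAddr, bind),
                    validate(crumb, "alice", ajaxAddr, bind));
        }
    }
}
```

With the address in the digest, the crumb issued on one hop is rejected on the other; without it, the crumb stays bound only to the user and the salt, which is the trade-off to weigh when relaxing the check.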

          [JENKINS-7518] CLONE -Crumb breaks ajax request behind proxies. -- Still broken behind nginx proxies

          cap10morgan created issue -
          Dean Yu made changes -
          Fix Version/s New: current [ 10162 ]
          Resolution New: Fixed [ 1 ]
          Status Original: Open [ 1 ] New: Resolved [ 5 ]
          nicholas harteau made changes -
          Resolution Original: Fixed [ 1 ]
          Status Original: Resolved [ 5 ] New: Reopened [ 4 ]
          OHTAKE Tomohiro made changes -
          Link New: This issue is related to JENKINS-3854 [ JENKINS-3854 ]
          Jesse Glick made changes -
          Link New: This issue is related to SECURITY-47 [ SECURITY-47 ]
          Jesse Glick made changes -
          Link New: This issue is related to JENKINS-12875 [ JENKINS-12875 ]
          Daniel Beck made changes -
          Resolution New: Duplicate [ 3 ]
          Status Original: Reopened [ 4 ] New: Resolved [ 5 ]
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 137617 ] New: JNJira + In-Review [ 187591 ]

            dty Dean Yu
            cap10morgan cap10morgan
            Votes: 2
            Watchers: 6
