  1. Jenkins
  2. JENKINS-13038

HTML5 notifier plugin breaks Jenkins with CSRF protection

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Component/s: core
    • Labels:
      None
    • Environment:
      Jenkins 1.454
      HTML5 Notifier Plugin 1.1

      Description

      The prototype-1.7.js version included in the plugin replaces code from the patched Prototype included in core Jenkins.

      Result: with notifiers and CSRF protection enabled, POSTs fail with 403.
      One easily visible example: trying to disable an installed plugin results in
      Status Code: 403
      Exception: No valid crumb was included in the request
      displayed where the restart button should appear.
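
The failure mode reported above, as an added JavaScript model that is not part of the original report and is not Jenkins or Prototype source: a stock copy of a library loaded after the patched copy replaces the same global, so POSTs go out without the crumb. The header name, crumb value, URL and all function names are constructed for illustration.

```javascript
// Constructed model; every name below is hypothetical.
const CRUMB_HEADER = "X-Example-Crumb";
const CRUMB_VALUE = "constructed-crumb-value";

// Server side: a POST without a valid crumb is refused.
function handleRequest(req) {
  if (req.method === "POST" && req.headers[CRUMB_HEADER] !== CRUMB_VALUE) {
    return { status: 403, body: "No valid crumb was included in the request" };
  }
  return { status: 200, body: "ok" };
}

// Core's copy of the library: patched so every request carries the crumb.
function loadPatchedLibrary(scope) {
  scope.Ajax = {
    request(method, url, headers = {}) {
      const withCrumb = { ...headers, [CRUMB_HEADER]: CRUMB_VALUE };
      return handleRequest({ method, url, headers: withCrumb });
    },
  };
}

// Plugin's bundled stock copy: defines the same global, without the patch.
function loadStockLibrary(scope) {
  scope.Ajax = {
    request(method, url, headers = {}) {
      return handleRequest({ method, url, headers: { ...headers } });
    },
  };
}

// Regression check: replay a page's script load order into a fresh scope
// (standing in for the browser global), then see whether a POST is accepted.
function postStatusAfterLoading(loaders) {
  const scope = {};
  loaders.forEach((load) => load(scope));
  return scope.Ajax.request("POST", "/example/action").status;
}

console.log("core only:       ", postStatusAfterLoading([loadPatchedLibrary]));
console.log("core then plugin:", postStatusAfterLoading([loadPatchedLibrary, loadStockLibrary]));
```

The same check, run against a real page's load order, flags any bundled script that redefines a global the CSRF patch depends on.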

          Activity

          jieryn jieryn added a comment -

          Prototype 1.7 was included in the base Jenkins install. Is this now a problem on the default install? I don't think this is an html5-notifier-plugin issue anymore.

          jieryn jieryn added a comment - html5-notifier-plugin:1.2 was released: http://maven.jenkins-ci.org/content/repositories/releases/org/jenkins-ci/plugins/html5-notifier-plugin/1.2/

            People

            • Assignee:
              Unassigned
              Reporter:
              mdp mdp
            • Votes:
              2
              Watchers:
              3
