Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-17085

<f:textarea previewEndpoint="/markupFormatter/previewDescription"/> does not work when crumbs enabled

    Details

    • Similar Issues:

      Description

      Create an admin user with full perms, and deny all perms to anonymous; and enable CSRF protection. Now go to the Jenkins root page, click add description, type anything, and click Preview. You are greeted with

      <div class="textarea-preview" style="">403 No_valid_crumb_was_included_in_the_request<hr>
      
      <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
      <title>Error 403 </title>
      
      <h2>HTTP ERROR: 403</h2><pre>No valid crumb was included in the request</pre>
      <p>RequestURI=/markupFormatter/previewDescription</p><p><i><small><a href="http://jetty.mortbay.org/">Powered by Jetty://</a></small></i></p><br>
      ...
      </div>
      

        Attachments

          Activity

          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          changelog.html
          core/src/main/resources/lib/form/textarea/textarea.js
          http://jenkins-ci.org/commit/jenkins/50f14f28e55bb39dd2959040734964889c70c7cb
          Log:
          [FIXED JENKINS-17085] Bogus requestHeaders value prevented crumb addition.
          (Ah, the joys of dynamic typing!)

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: changelog.html core/src/main/resources/lib/form/textarea/textarea.js http://jenkins-ci.org/commit/jenkins/50f14f28e55bb39dd2959040734964889c70c7cb Log: [FIXED JENKINS-17085] Bogus requestHeaders value prevented crumb addition. (Ah, the joys of dynamic typing!)
          Hide
          dogfood dogfood added a comment -

          Integrated in jenkins_main_trunk #2339
          [FIXED JENKINS-17085] Bogus requestHeaders value prevented crumb addition. (Revision 50f14f28e55bb39dd2959040734964889c70c7cb)

          Result = SUCCESS
          Jesse Glick : 50f14f28e55bb39dd2959040734964889c70c7cb
          Files :

          • core/src/main/resources/lib/form/textarea/textarea.js
          • changelog.html
          Show
          dogfood dogfood added a comment - Integrated in jenkins_main_trunk #2339 [FIXED JENKINS-17085] Bogus requestHeaders value prevented crumb addition. (Revision 50f14f28e55bb39dd2959040734964889c70c7cb) Result = SUCCESS Jesse Glick : 50f14f28e55bb39dd2959040734964889c70c7cb Files : core/src/main/resources/lib/form/textarea/textarea.js changelog.html

            People

            • Assignee:
              jglick Jesse Glick
              Reporter:
              jglick Jesse Glick
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: