-
Bug
-
Resolution: Fixed
-
Major
-
1.446.2 or 1.506-SNAPSHOT
Create an admin user with full perms, and deny all perms to anonymous; and enable CSRF protection. Now go to the Jenkins root page, click add description, type anything, and click Preview. You are greeted with
<div class="textarea-preview" style="">403 No_valid_crumb_was_included_in_the_request<hr> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>Error 403 </title> <h2>HTTP ERROR: 403</h2><pre>No valid crumb was included in the request</pre> <p>RequestURI=/markupFormatter/previewDescription</p><p><i><small><a href="http://jetty.mortbay.org/">Powered by Jetty://</a></small></i></p><br> ... </div>