Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-21892

Swarm client fails to create slave if CSRF filter is enabled

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      When having the "Prevent Cross Site Request Forgery exploits" flag enabled, the swarm client fails to create the slave with Failed to create a slave on Jenkins CODE: 403.

      This is the relevant excerpt from the Jenkins server log:

      ←[33mFeb 20, 2014 11:17:08 AM hudson.security.csrf.CrumbFilter doFilter
      WARNING: No valid crumb was included in request for /plugin/swarm/createSlave. Returning 403.
      

        Attachments

          Activity

          Hide
          sjka Simon Kaufmann added a comment -
          Show
          sjka Simon Kaufmann added a comment - I have proposed a fix here: https://github.com/jenkinsci/swarm-plugin/pull/11
          Hide
          neiltingley neiltingley added a comment - - edited

          Patch works for me on latest LTS. (Make sure you use the patched swarm client jar!).

          Show
          neiltingley neiltingley added a comment - - edited Patch works for me on latest LTS. (Make sure you use the patched swarm client jar!).
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Simon Kaufmann
          Path:
          client/src/main/java/hudson/plugins/swarm/Client.java
          http://jenkins-ci.org/commit/swarm-plugin/5d97fa1679d07e04e1fe93ed2ead77cd06a3ef36
          Log:
          [FIXED JENKINS-21892] Update swarm client to send CSRF token

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Simon Kaufmann Path: client/src/main/java/hudson/plugins/swarm/Client.java http://jenkins-ci.org/commit/swarm-plugin/5d97fa1679d07e04e1fe93ed2ead77cd06a3ef36 Log: [FIXED JENKINS-21892] Update swarm client to send CSRF token
          Hide
          mindjiver Peter Jönsson added a comment -

          Should be fixed in version 1.17, please report back if this is not the case.

          Show
          mindjiver Peter Jönsson added a comment - Should be fixed in version 1.17, please report back if this is not the case.
          Hide
          tknerr Torben Knerr added a comment -

          Now it actually breaks if CSRF is disabled in Jenkins.

          See https://issues.jenkins-ci.org/browse/JENKINS-25421

          Show
          tknerr Torben Knerr added a comment - Now it actually breaks if CSRF is disabled in Jenkins. See https://issues.jenkins-ci.org/browse/JENKINS-25421

            People

            • Assignee:
              mindjiver Peter Jönsson
              Reporter:
              sjka Simon Kaufmann
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: