Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-23020

Manage->Cancel Shutdown requests POST method and even POST fails due to invalid crumb if CSRF protection is enabled

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Component/s: core
    • Environment:
      Windows Server 2008R2, 64bit, JDK 7u55
    • Similar Issues:

      Description

      When trying to cancel shutdown mode via

      Manage->Cancel Shutdown
      or
      Cancel link of Build Queue

      Jenkins shows

      POST is required for jenkins.model.Jenkins.doCancelQuietDown

      together with a Try POSTing button.

      If the Try POSTing button is pressed cancel is working with CSRF protection disabled.

      But with CSRF protection enabled (in Manage->Configure Global Security) after the Try POSTing button Jenkins shows

      Invalid Crumb

      error which effectively means there is currently no way to cancel from shutdown mode if CSRF protection is enabled.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              klou Kurt
            • Votes:
              4 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: