Jenkins / JENKINS-25421

Allow Swarm client to be used when CSRF is disabled

    Details

    • Type: New Feature
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: swarm-plugin
    • Labels:
      None
    • Environment:
      Jenkins 1.580.1
      Swarm Plugin 1.20
      "Prevent Cross Site Request Forgery exploits" - Disabled

      Description

      I updated the Swarm plugin from 1.16 to 1.20 and began experiencing this issue. Enabling the CSRF prevention works fine.

      java -jar swarm.jar -executors 2 -mode exclusive -fsroot '~/jenkins' -master http://jenkins:8079/ -name <NAME> -username eric -password <PW>
      
      Discovering Jenkins master
      Attempting to connect to http://jenkins:8079/ aeac4e35-fe09-4da7-bb5c-579658910ff5
      Could not obtain CSRF crumb. Response code: 404
      Nov 3, 2014 5:19:48 PM org.apache.commons.httpclient.auth.AuthChallengeProcessor selectAuthScheme
      INFO: basic authentication scheme selected
      Nov 3, 2014 5:19:48 PM org.apache.commons.httpclient.HttpMethodDirector processWWWAuthChallenge
      INFO: Failure authenticating with BASIC 'Jenkins'@jenkins:8079
      Failed to create a slave on Jenkins CODE: 401
      Retrying in 10 seconds
      

            Activity

            adongare Anita Dongare added a comment -

            Hi team,
            We are seeing the same issue on our Jenkins master. Can someone help explain and resolve this error with the Swarm plugin?

            Thanks
            Anita

            oleg_nenashev Oleg Nenashev added a comment -

            KK does not maintain this plugin anymore. Moving to unassigned to set the expectation.

            oleg_nenashev Oleg Nenashev added a comment - edited

            I do not plan to fix the issue. Usage of this plugin (and Jenkins in general) is dangerous when CSRF protection is disabled. If somebody wants to invest his time into it, pull requests are welcome.

            basil Basil Crow added a comment -

            Is this still a bug on recent versions of Jenkins core and Swarm client? I just tried connecting to a Jenkins master (2.150.1) with Swarm client 3.16 both with and without CSRF enabled on the Jenkins master, and things worked just fine.


              People

              • Assignee: Unassigned
              • Reporter: elordahl Eric Lordahl
              • Votes: 6
              • Watchers: 11
