Add CrumbExclusion for buildByToken URL

      Description

      Just like similar plugins (e.g. GitHub and GitLab), the Build Token Root Plugin does not play nice with CSRF protection enabled.
      The root cause seems to be JENKINS-22474 (documented by Jesse Glick), but until that is fixed, the Build Token Root Plugin should probably add a CrumbExclusion for the URL it is listening on.
      See JENKINS-20140 for a similar issue in the GitHub Plugin that has been resolved.
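
The kind of exclusion the description asks for, as an added example (not the plugin's own code and not part of the original report). It assumes the `javax.servlet` API used by Jenkins core at the time and takes the `/buildByToken/` prefix from the issue title; the class name is hypothetical.

```java
import hudson.Extension;
import hudson.security.csrf.CrumbExclusion;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Added illustration (hypothetical class name): exempts only requests under
 * /buildByToken/ from the CSRF crumb check.
 */
@Extension
public class BuildByTokenCrumbExclusion extends CrumbExclusion {

    // The trailing slash limits the match to this action's subtree, so a
    // sibling URL such as /buildByTokenExtra stays crumb-protected.
    private static final String EXCLUDED_PREFIX = "/buildByToken/";

    @Override
    public boolean process(HttpServletRequest req, HttpServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        String pathInfo = req.getPathInfo();
        if (pathInfo == null || !pathInfo.startsWith(EXCLUDED_PREFIX)) {
            // Not our URL: returning false leaves the request to the crumb filter.
            return false;
        }
        // Skipping the crumb check is not authorization. The action behind
        // this URL must still validate the job's build token itself.
        chain.doFilter(req, resp);
        return true;
    }
}
```

Keeping the excluded prefix as narrow as possible matters here: every path it matches accepts POST requests without a crumb, so the token check on the endpoint is the only remaining control.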

            Activity

            wynx WynX Alucard added a comment -

            Stumbled across this CrumbExclusion today as well. There seems to be no way around disabling CSRF, which I would like to have enabled normally...

            jglick Jesse Glick added a comment -

            Pull requests with test coverage welcome.

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Pedro Algarvio
            Path:
            src/main/java/org/jenkinsci/plugins/build_token_root/BuildRootAction.java
            http://jenkins-ci.org/commit/build-token-root-plugin/a0b99f948fcb5cd12cd8781a81f3d18bd387d131
            Log:
            Exclude the plugin root path from requiring crumb

            Refs https://issues.jenkins-ci.org/browse/JENKINS-25637

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Yoann Dubreuil
            Path:
            src/test/java/org/jenkinsci/plugins/build_token_root/BuildRootActionTest.java
            http://jenkins-ci.org/commit/build-token-root-plugin/a1a621da89fff2a3f2174345bb0aaa1348781f4a
            Log:
            JENKINS-25637 test that a crumb is not required

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/main/java/org/jenkinsci/plugins/build_token_root/BuildRootAction.java
            src/test/java/org/jenkinsci/plugins/build_token_root/BuildRootActionTest.java
            http://jenkins-ci.org/commit/build-token-root-plugin/b55500bb117dcd872a03ca2f90aa78b2a085075d
            Log:
            Merge pull request #10 from ydubreuil/JENKINS-25637

            [FIXED JENKINS-25637] don't require a crumb to trigger a build

            Compare: https://github.com/jenkinsci/build-token-root-plugin/compare/1bfbfda0f451...b55500bb117d

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Yoann Dubreuil
            Path:
            src/test/java/org/jenkinsci/plugins/build_token_root/BuildRootActionTest.java
            http://jenkins-ci.org/commit/build-token-root-plugin/44bea42ec52ab40367b653ad34e4ec567a4ffdc8
            Log:
            JENKINS-25637 Use JenkinsRule.WebClient in the test

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/test/java/org/jenkinsci/plugins/build_token_root/BuildRootActionTest.java
            http://jenkins-ci.org/commit/build-token-root-plugin/1416f31b95cc2919c02003cbd3de6cb3ea0edf8c
            Log:
            Merge pull request #11 from ydubreuil/improve-test

            JENKINS-25637 Use JenkinsRule.WebClient in the test

            Compare: https://github.com/jenkinsci/build-token-root-plugin/compare/b55500bb117d...1416f31b95cc


              People

              • Assignee: jglick Jesse Glick
              • Reporter: kflorian kflorian
              • Votes: 0
              • Watchers: 5