-
New Feature
-
Resolution: Cannot Reproduce
-
Minor
-
None
-
Jenkins 2.46.3
I'm using python to do some API requests against a Jenkins instance that needs to be locked down, ie, the overall read permission for anonymous users must be unset, however, once I enable CSRF, I stop being able to access /crumbIssuer, even with valid credentials from a user using it's token.
Does it make sense to create a crumb issuer specific permission? This would allow me to give that permission to anonymous users which would then allow me to get the crumb before making any requests from a user with proper credentials...
Is this something that can be implemented with a plugin? Either by disabling any permissions required to READ /crumbIssuer ?