  1. Jenkins
  2. JENKINS-32346

Invalid crumb running behind proxy

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Cannot Reproduce
    • Component/s: html5-notifier-plugin
    • Labels:
    • Environment:
      Jenkins 1.625.3
      Red Hat Enterprise Linux Server 6.4
      Apache HTTP Server 2.2.15

      Description

      The Jenkins log is filled with these entries every several seconds (each unique crumb repeats every 30 seconds) with the HTML5 Notifier Plugin enabled, running Jenkins behind a proxy:

      Jan 07, 2016 11:18:00 AM hudson.security.csrf.CrumbFilter doFilter
      WARNING: Found invalid crumb <crumb>. Will check remaining parameters for a valid one...
      Jan 07, 2016 11:18:00 AM hudson.security.csrf.CrumbFilter doFilter
      WARNING: No valid crumb was included in request for /jenkins/html5-notifier-plugin/list. Returning 403.

      It doesn't appear any specific action is required for this to occur, other than an open session.

      My Jenkins instance is configured to run behind an Apache proxy, with "Prevent Cross Site Request Forgery exploits" and "Enable proxy compatibility" enabled under global security.

      A similar issue was recently resolved for the GitHub plugin: https://issues.jenkins-ci.org/browse/JENKINS-10263
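To see which endpoints the crumb filter is rejecting and how regularly, the log entries quoted above can be summarised per request path. This is an added example, not part of the original report or the plugin's code; the sample log is constructed in the layout of the quoted entries, and the function name is hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the java.util.logging layout quoted in the report.
SAMPLE_LOG = """\
Jan 07, 2016 11:18:00 AM hudson.security.csrf.CrumbFilter doFilter
WARNING: Found invalid crumb <crumb>. Will check remaining parameters for a valid one...
Jan 07, 2016 11:18:00 AM hudson.security.csrf.CrumbFilter doFilter
WARNING: No valid crumb was included in request for /jenkins/html5-notifier-plugin/list. Returning 403.
Jan 07, 2016 11:18:30 AM hudson.security.csrf.CrumbFilter doFilter
WARNING: Found invalid crumb <crumb>. Will check remaining parameters for a valid one...
Jan 07, 2016 11:18:30 AM hudson.security.csrf.CrumbFilter doFilter
WARNING: No valid crumb was included in request for /jenkins/html5-notifier-plugin/list. Returning 403.
Jan 07, 2016 11:18:42 AM hudson.model.Run execute
INFO: sample-job #12 main build action completed: SUCCESS
"""

# First line of each entry: timestamp, logger class, method.
HEADER = re.compile(r"^(\w{3} \d{2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (\S+) (\S+)$")
# Second line of the entry that ends in a 403.
REJECTED = re.compile(r"^WARNING: No valid crumb was included in request for (\S+)\. Returning 403\.$")

def summarize_rejections(log_text):
    """Return {path: {"count": n, "gaps": [seconds between consecutive 403s]}}."""
    times = defaultdict(list)
    stamp = source = None
    for line in log_text.splitlines():
        line = line.strip()
        head = HEADER.match(line)
        if head:
            stamp = datetime.strptime(head.group(1), "%b %d, %Y %I:%M:%S %p")
            source = head.group(2)
            continue
        hit = REJECTED.match(line)
        # Only count messages emitted by the CSRF filter itself.
        if hit and stamp and source == "hudson.security.csrf.CrumbFilter":
            times[hit.group(1)].append(stamp)
    summary = {}
    for path, seen in times.items():
        gaps = [int((b - a).total_seconds()) for a, b in zip(seen, seen[1:])]
        summary[path] = {"count": len(seen), "gaps": gaps}
    return summary

if __name__ == "__main__":
    for path, info in summarize_rejections(SAMPLE_LOG).items():
        print(f"{path}: {info['count']} rejected, gaps(s)={info['gaps']}")
```

A constant gap for a single path points at a client-side polling request rather than user actions, which matches the observation that only an open session is needed.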


          Activity

          halkeye Gavin Mogan added a comment -

          Oh cool. I'll re-set up my dev env and try to take a look at it tonight after work.

          halkeye Gavin Mogan added a comment -

          Does it specifically only break when running under Apache?

          I wonder if it's just a new version of Jenkins; with 1.455 I see a ".crumb:0dc70991ba026a73791697d28bdddc24" header in the Chrome network tool.

          Can you give me a HAR or curl from Chrome of it not working? I'm thinking it's Apache stripping the header.


            People

            • Assignee: halkeye Gavin Mogan
            • Reporter: dpaulat Dan Paulat
            • Votes: 3
            • Watchers: 5
