[
https://issues.jenkins-ci.org/browse/JENKINS-13038?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=161331#comment-161331
]
jieryn commented on JENKINS-13038:
----------------------------------
Prototype 1.7 was included in the base Jenkins install. Is this now a problem
on the default install? I don't think this is an html5-notifier-plugin issue
anymore..
> HTML5 notifier plugin breaks Jenkins with CSRF protection
> ---------------------------------------------------------
>
> Key: JENKINS-13038
> URL: https://issues.jenkins-ci.org/browse/JENKINS-13038
> Project: Jenkins
> Issue Type: Bug
> Components: html5-notifier
> Environment: Jenkins 1.454
> HTML5 Notifier Plugin 1.1
> Reporter: mdp
> Assignee: jieryn
> Priority: Critical
>
> The prototype-1.7.js version included in the plugin replaces code from the
> patched Prototype included in core Jenkins.
> Result: with notifiers and CSRF protection enabled POSTs fail with 403.
> One easily visible example: trying to disable an installed plugin results in
> Status Code: 403
> Exception: No valid crumb was included in the request
> displayed where the restart button should appear.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
