[ https://issues.jenkins-ci.org/browse/JENKINS-13038?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=161331#comment-161331 ]
jieryn commented on JENKINS-13038: ---------------------------------- Prototype 1.7 was included in the base Jenkins install. Is this now a problem on the default install? I don't think this is an html5-notifier-plugin issue anymore.. > HTML5 notifier plugin breaks Jenkins with CSRF protection > --------------------------------------------------------- > > Key: JENKINS-13038 > URL: https://issues.jenkins-ci.org/browse/JENKINS-13038 > Project: Jenkins > Issue Type: Bug > Components: html5-notifier > Environment: Jenkins 1.454 > HTML5 Notifier Plugin 1.1 > Reporter: mdp > Assignee: jieryn > Priority: Critical > > The prototype-1.7.js version included in the plugin replaces code from the > patched Prototype included in core Jenkins. > Result: with notifiers and CSRF protection enabled POSTs fail with 403. > One easily visible example: trying to disable an installed plugin results in > Status Code: 403 > Exception: No valid crumb was included in the request > displayed where the restart button should appear. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira