|
||||||||
This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira |
[JIRA] (JENKINS-12875) "No valid crumb was included in the request" errors all around
onemanbuc...@java.net (JIRA) Thu, 25 Oct 2012 07:37:45 -0700
- [JIRA] (JENKINS-12875) "No valid crumb w... windyr...@java.net (JIRA)
- [JIRA] (JENKINS-12875) "No valid cr... windyr...@java.net (JIRA)
- [JIRA] (JENKINS-12875) "No valid cr... onemanbuc...@java.net (JIRA)
- [JIRA] (JENKINS-12875) "No valid cr... onemanbuc...@java.net (JIRA)
- [JIRA] (JENKINS-12875) "No valid cr... onemanbuc...@java.net (JIRA)
I reproduced the problem with a simple nginx reverse proxy and csrf enabled.
The problem is that jenkins stores its' csrf token in a http header called '.crumb', AFAIK headers must only contain alphanumerics and dashes, and nginx will remove invalid headers from the request (unless configured not to).
Sooo, a workaround is to use ignore_invalid_headers in nginx or disable csrf protection until patched.
I'll post a pull request shortly