[JIRA] (JENKINS-7518) CLONE -Crumb breaks ajax request behind proxies. -- Still broken behind nginx proxies

2013-01-21 Thread sne...@gmail.com (JIRA)

Derek E commented on JENKINS-7518


CLONE -Crumb breaks ajax request behind proxies. -- Still broken behind nginx proxies

I agree with the comment about switching to a more compatible header like "x-jenkins-crumb". There is some concern that disabling the nginx

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[JIRA] (JENKINS-7518) CLONE -Crumb breaks ajax request behind proxies. -- Still broken behind nginx proxies

2013-01-21 Thread sne...@gmail.com (JIRA)

Derek E edited a comment on JENKINS-7518


CLONE -Crumb breaks ajax request behind proxies. -- Still broken behind nginx proxies

I agree with the comment about switching to a more compatible header like "x-jenkins-crumb".

[JIRA] (JENKINS-7518) CLONE -Crumb breaks ajax request behind proxies. -- Still broken behind nginx proxies

2012-03-09 Thread m...@java.net (JIRA)

[ https://issues.jenkins-ci.org/browse/JENKINS-7518?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=160078#comment-160078 ]

mdp commented on JENKINS-7518:
--

nginx by default disallows some characters in header names that the HTTP 
specification allows: 
http://nginx.org/en/docs/http/ngx_http_core_module.html#ignore_invalid_headers
'.' is one of them, so the .crumb header gets filtered out.

This can be turned off as per the linked page - worth noting in documentation 
(in crumb issuer configuration help?).
But maybe switching to a more compatible header (x-jenkins-crumb?) would be a 
safer choice?

> CLONE -Crumb breaks ajax request behind proxies. -- Still broken behind nginx
> proxies
> -
>
> Key: JENKINS-7518
> URL: https://issues.jenkins-ci.org/browse/JENKINS-7518
> Project: Jenkins
> Issue Type: Bug
> Components: core
> Affects Versions: current
> Environment: Platform: All, OS: All
> Reporter: cap10morgan
> Assignee: Dean Yu
> Fix For: current
>
>
> Hudson: 1.310-SNAPSHOT (svn trunk)
> I checked "Prevent Cross Site Request Forgery exploits", then ajax request
> like ajaxBuildQueue returned "HTTP/1.1 430 Forbidden".
> I use Hudson installation behind some proxies.
> In hudson.security.csrf.DefaultCrumbIssuer L58, "Request#getRemoteAddr()" is
> used to update MessageDigest, but it will return different IP behind proxies
> each request.

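
The header filtering mdp describes above, as an added example that is not part of the thread and is not Jenkins or nginx code: a simplified model of nginx's documented ignore_invalid_headers name rule, applied to a constructed AJAX request to show which headers a default proxy hop would silently drop. The function names, the sample request and the crumb value are assumptions made for illustration.

```python
import string

# Header-name characters HTTP permits (the RFC 7230 "token" set).
TCHAR = set(string.ascii_letters + string.digits + "!#$%&'*+-.^_`|~")

def is_http_token(name):
    return bool(name) and all(c in TCHAR for c in name)

def nginx_accepts(name, underscores_in_headers=False):
    """Name rule from the nginx docs for ignore_invalid_headers: letters,
    digits, hyphens, plus underscores only when underscores_in_headers is on."""
    allowed = set(string.ascii_letters + string.digits + "-")
    if underscores_in_headers:
        allowed.add("_")
    return bool(name) and all(c in allowed for c in name)

def forward(headers, ignore_invalid_headers=True, underscores_in_headers=False):
    """Simplified model of the proxy hop: returns (forwarded, dropped)."""
    forwarded, dropped = {}, []
    for name, value in headers.items():
        if ignore_invalid_headers and not nginx_accepts(name, underscores_in_headers):
            dropped.append(name)   # silently discarded, no error to the client
        else:
            forwarded[name] = value
    return forwarded, dropped

def backend_accepts(headers, crumb_header, expected):
    """Assumed backend check: the crumb must arrive under the expected name."""
    return headers.get(crumb_header) == expected

# Constructed sample AJAX request; the crumb value is made up.
CRUMB = "0123456789abcdef"
SAMPLE = {"Accept": "text/javascript", "X-Requested-With": "XMLHttpRequest",
          ".crumb": CRUMB}

def audit(headers):
    """Names that are legal HTTP but would not survive a default nginx hop."""
    return [n for n in headers if is_http_token(n) and not nginx_accepts(n)]

if __name__ == "__main__":
    fwd, dropped = forward(SAMPLE)
    print("dropped by default nginx:", dropped)
    print("backend accepts:", backend_accepts(fwd, ".crumb", CRUMB))
    renamed = {**SAMPLE, "x-jenkins-crumb": CRUMB}
    del renamed[".crumb"]
    fwd, dropped = forward(renamed)
    print("renamed header accepted:", backend_accepts(fwd, "x-jenkins-crumb", CRUMB))
```

Running audit() over the custom headers an application sends is a quick way to find names that would need either a rename or a proxy configuration change before deployment behind nginx.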