Jean-Christophe Sirot
created JENKINS-23370
Gitlab web hook fails when Cross Site Request Forgery protection is active
Issue Type:
Bug
Affects Versions:
current
Assignee:
Unassigned
Components:
gitlab-hook
Created:
09/Jun/14 9:39 AM
Description:
When the CSRF protection is set, the web hook requests fail with
Jun 9, 2014 9:31:58 AM hudson.security.csrf.CrumbFilter doFilter
WARNING: No valid crumb was included in request for /gitlab/notify_commit. Returning 403.
because the POST request does not use a crumb.
The plugin should implement a CrumbExclusion like the gitbucket plugin
(see https://github.com/jenkinsci/gitbucket-plugin/blob/master/src%2Fmain%2Fjava%2Forg%2Fjenkinsci%2Fplugins%2Fgitbucket%2FGitBucketWebHook.java)
Project:
Jenkins
Priority:
Blocker
Reporter:
Jean-Christophe Sirot
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira
--
You received this message because you are subscribed to the Google Groups Jenkins Issues group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.