[JIRA] (JENKINS-62093) Using GitHub Webhooks with Jenkins where CSRF-Protection is enabled

3 views
Skip to first unread message

thorsten.klein.95@gmail.com (JIRA)

unread,
Apr 29, 2020, 8:57:03 AM4/29/20
to jenkinsc...@googlegroups.com
Thorsten Klein created an issue
 
Jenkins / Bug JENKINS-62093
Using GitHub Webhooks with Jenkins where CSRF-Protection is enabled
Issue Type: Bug Bug
Assignee: Kirill Merkushev
Components: github-branch-source-plugin, github-plugin
Created: 2020-04-29 12:56
Environment: Jenkins Version 2.234
github-plugin version 1.29.5
github-branch-source-plugin version 2.7.1
Priority: Blocker Blocker
Reporter: Thorsten Klein

Hi,
I have a Jenkins instance set up with CSRF-Protection enabled.
Whenever I setup a webhook in GitHub, it fails due to 

Error 403 No valid crumb was included in the request

I tried everything I could find on the Internet:

  • using the strict crumb issuer with all different settings
  • allowing anonymous read and build access
  • setting up the github-plugin to manage webhooks (does not work, because of the app authentication used)

I'm also using JCasC for configuration of the Jenkins instance and I don't want to fiddle around with the XML configuration to disable CSRF-Protection to get this working.
There has to be a way to get this working, right?

Thanks in advance for any help

Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38)
Atlassian logo

thorsten.klein.95@gmail.com (JIRA)

unread,
Apr 29, 2020, 12:13:06 PM4/29/20
to jenkinsc...@googlegroups.com
Thorsten Klein closed an issue as Cannot Reproduce
Change By: Thorsten Klein
Status: Open Closed
Assignee: Kirill Merkushev Thorsten Klein
Resolution: Cannot Reproduce
Reply all
Reply to author
Forward
0 new messages