[JIRA] (JENKINS-38966) Rename job: No valid crumb was included in the request

ullrich.hafner@gmail.com (JIRA)

unread,

Oct 13, 2016, 12:45:05 PM10/13/16

to jenkinsc...@googlegroups.com

Ulli Hafner created an issue

Jenkins /

JENKINS-38966

Rename job: No valid crumb was included in the request

Issue Type:	Bug
Assignee:	Unassigned
Components:	core
Created:	2016/Oct/13 4:44 PM
Environment:
Priority:	Major
Reporter:	Ulli Hafner

Steps to reproduce:

Create a Pipeline job with the name 'Pipeline - Analysis'
Open 'Pipeline - Analysis'->Configure (context menu)
Rename to 'Pipeline-Analysis' (no spaces)
[Confirmation] Press yes

 
                                                                HTTP ERROR 403

Problem accessing /job/Pipeline%20-%20Analysis/doRename. Reason:

    No valid crumb was included in the request

Powered by Jetty://

Add Comment

This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c)

ullrich.hafner@gmail.com (JIRA)

unread,

Oct 13, 2016, 12:47:01 PM10/13/16

to jenkinsc...@googlegroups.com

Ulli Hafner updated an issue

Jenkins /

JENKINS-38966

Rename job: No valid crumb was included in the request

Change By:	Ulli Hafner

Steps to reproduce:

# Create a Pipeline job with the name 'Pipeline - Analysis'
# Open 'Pipeline - Analysis'->Configure (context menu)
# Rename to 'Pipeline-Analysis' (no spaces)
# [Confirmation] Press yes

{noformat}

HTTP ERROR 403

Problem accessing /job/Pipeline%20-%20Analysis/doRename. Reason:

No valid crumb was included in the request

Powered by Jetty://

{noformat}

Snippet from the log
{noformat}
Oct 13, 2016 5:46:17 PM hudson.security.csrf.CrumbFilter doFilter
WARNING: No valid crumb was included in request for /job/Pipeline%20-%20Analysis/doRename. Returning 403.
Oct 13, 2016 5:46:26 PM hudson.security.csrf.CrumbFilter doFilter
WARNING: No valid crumb was included in request for /job/Pipeline%20-%20Analysis/doRename. Returning 403.
Oct 13, 2016 5:47:02 PM hudson.security.csrf.CrumbFilter doFilter
WARNING: No valid crumb was included in request for /job/Pipeline%20-%20Analysis/doRename. Returning 403.

{noformat}

Add Comment

ullrich.hafner@gmail.com (JIRA)

unread,

Oct 13, 2016, 12:49:01 PM10/13/16

to jenkinsc...@googlegroups.com

Ulli Hafner commented on

JENKINS-38966

Re: Rename job: No valid crumb was included in the request

Hmm, seem to work now: I actually did not change anything and the rename succeeded now. However I now get an exception in the log:

 
                                                                Oct 13, 2016 6:44:26 PM org.jenkinsci.plugins.workflow.graph.FlowNode loadParents
WARNING: failed to load parents of 14
java.io.IOException: java.util.concurrent.ExecutionException: java.io.FileNotFoundException: /Users/hafner/Development/jenkins/jobs/Pipeline - Analysis/builds/8/workflow/13.xml (No such file or directory)
	at org.jenkinsci.plugins.workflow.support.storage.SimpleXStreamFlowNodeStorage.getNode(SimpleXStreamFlowNodeStorage.java:82)
	at org.jenkinsci.plugins.workflow.cps.CpsFlowExecution.getNode(CpsFlowExecution.java:871)
	at org.jenkinsci.plugins.workflow.graph.FlowNode.loadParents(FlowNode.java:130)
	at org.jenkinsci.plugins.workflow.graph.FlowNode.getParents(FlowNode.java:120)
	at org.jenkinsci.plugins.workflow.graphanalysis.ForkScanner.isParallelEnd(ForkScanner.java:150)
	at org.jenkinsci.plugins.workflow.graphanalysis.ForkScanner.setHeads(ForkScanner.java:402)
	at org.jenkinsci.plugins.workflow.graphanalysis.AbstractFlowScanner.setup(AbstractFlowScanner.java:140)
	at org.jenkinsci.plugins.workflow.graphanalysis.AbstractFlowScanner.setup(AbstractFlowScanner.java:151)
	at org.jenkinsci.plugins.workflow.graphanalysis.ForkScanner.visitSimpleChunks(ForkScanner.java:552)
	at com.cloudbees.workflow.rest.external.RunExt.createNew(RunExt.java:318)
	at com.cloudbees.workflow.rest.external.RunExt.create(RunExt.java:306)
	at com.cloudbees.workflow.rest.external.JobExt.create(JobExt.java:131)
	at com.cloudbees.workflow.rest.endpoints.JobAPI.doRuns(JobAPI.java:72)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:324)
	at com.cloudbees.workflow.util.ServeJson$Processor.invoke(ServeJson.java:30)
	at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
	at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:167)
	at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:100)
	at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:124)
	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
	at org.kohsuke.stapler.MetaClass$11.dispatch(MetaClass.java:380)
	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
	at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:233)
	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
	at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:135)
	at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:126)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
	at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:86)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
	at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
	at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:553)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
	at org.eclipse.jetty.server.Server.handle(Server.java:499)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
	at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
	at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.util.concurrent.ExecutionException: java.io.FileNotFoundException: /Users/hafner/Development/jenkins/jobs/Pipeline - Analysis/builds/8/workflow/13.xml (No such file or directory)
	at com.google.common.util.concurrent.AbstractFuture$Sync.getValue(AbstractFuture.java:289)
	at com.google.common.util.concurrent.AbstractFuture$Sync.get(AbstractFuture.java:276)
	at com.google.common.util.concurrent.AbstractFuture.get(AbstractFuture.java:111)
	at com.google.common.util.concurrent.Uninterruptibles.getUninterruptibly(Uninterruptibles.java:132)
	at com.google.common.cache.LocalCache$Segment.getAndRecordStats(LocalCache.java:2381)
	at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2351)
	at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2313)
	at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2228)
	at com.google.common.cache.LocalCache.get(LocalCache.java:3965)
	at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3969)
	at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4829)
	at org.jenkinsci.plugins.workflow.support.storage.SimpleXStreamFlowNodeStorage.getNode(SimpleXStreamFlowNodeStorage.java:80)
	... 85 more
Caused by: java.io.FileNotFoundException: /Users/hafner/Development/jenkins/jobs/Pipeline - Analysis/builds/8/workflow/13.xml (No such file or directory)
	at java.io.FileInputStream.open0(Native Method)
	at java.io.FileInputStream.open(FileInputStream.java:195)
	at java.io.FileInputStream.<init>(FileInputStream.java:138)
	at hudson.XmlFile.read(XmlFile.java:140)
	at org.jenkinsci.plugins.workflow.support.storage.SimpleXStreamFlowNodeStorage.load(SimpleXStreamFlowNodeStorage.java:114)
	at org.jenkinsci.plugins.workflow.support.storage.SimpleXStreamFlowNodeStorage.access$000(SimpleXStreamFlowNodeStorage.java:62)
	at org.jenkinsci.plugins.workflow.support.storage.SimpleXStreamFlowNodeStorage$1.load(SimpleXStreamFlowNodeStorage.java:67)
	at org.jenkinsci.plugins.workflow.support.storage.SimpleXStreamFlowNodeStorage$1.load(SimpleXStreamFlowNodeStorage.java:65)
	at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3568)
	at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2350)
	... 91 more
 
                                                            

Add Comment

dbeck@cloudbees.com (JIRA)

unread,

Oct 19, 2016, 4:30:02 AM10/19/16

to jenkinsc...@googlegroups.com

Daniel Beck commented on

JENKINS-38966

Re: Rename job: No valid crumb was included in the request

What version of Jenkins is this?

Add Comment

ullrich.hafner@gmail.com (JIRA)

unread,

Oct 19, 2016, 8:54:02 AM10/19/16

to jenkinsc...@googlegroups.com

Ulli Hafner updated an issue

Jenkins /

JENKINS-38966

Rename job: No valid crumb was included in the request

Change By:	Ulli Hafner
Environment:	jenkins 2.19.1

Add Comment

ullrich.hafner@gmail.com (JIRA)

unread,

Oct 19, 2016, 8:54:05 AM10/19/16

to jenkinsc...@googlegroups.com

Ulli Hafner commented on

JENKINS-38966

Re: Rename job: No valid crumb was included in the request

Sorry, forgot to update environment: Latest LTS 2.19.1

Add Comment

f.modler@gmx.net (JIRA)

unread,

Feb 15, 2017, 8:05:03 AM2/15/17

to jenkinsc...@googlegroups.com

Falko Modler commented on

JENKINS-38966

Re: Rename job: No valid crumb was included in the request

Same here on 2.32.2 LTS.

Add Comment

dbeck@cloudbees.com (JIRA)

unread,

Feb 15, 2017, 8:29:01 AM2/15/17

to jenkinsc...@googlegroups.com

Daniel Beck commented on

JENKINS-38966

Re: Rename job: No valid crumb was included in the request

Would be interesting to know what the request headers sent by the browser are.

Also, whether the source web page had finished loading when you submitted the form.

Add Comment

maclemming+jenkins@gmail.com (JIRA)

unread,

May 23, 2018, 3:08:02 PM5/23/18

to jenkinsc...@googlegroups.com

Scott Hubbard commented on

JENKINS-38966

Re: Rename job: No valid crumb was included in the request

I am able to reproduce this on 2.107.3. The steps are the same as in the description, but you need to be fast to click on the confirmation button. I found it because my Firefox loads the page very slowly, so the "yes" button was the default button style, and not the blue box. If I click the button quickly, then I get the same error. If I wait a few seconds for the button to turn to the blue box and click it, then the rename works. I think Daniel is correct about the page not being finished.

Add Comment

This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e)

pjdarton@gmail.com (JIRA)

unread,

Oct 5, 2018, 6:13:05 AM10/5/18

to jenkinsc...@googlegroups.com

pjdarton commented on

JENKINS-38966

Re: Rename job: No valid crumb was included in the request

(I've just spotted this; sorry I'm late to comment)
I've seen this issue, on and off, for some time now. In my experience, it's not very predictable, but the hypothesis that it's caused by pages being incompletely loaded is plausible ... although I've experienced this sort of thing when doing a mass of job renames in multiple tabs when I've left a good deal of time between when I originally asked for the page to load and when I tried to use the page.

IMO the basic requirement here is that the anti-CRFS functionality should not break things just because a user didn't wait for cosmetic fluff to finish loading - all essential functionality should be in place before the user is allowed to click on anything.

I would point out, however, that you don't need to be "fast" to be able to click on things before the page had finished loading; you'd just need to be "faster" than the page loading time, which might actually be very slow, thus allowing a user who's acting at a "perfectly reasonable speed" to be way ahead of their browser.
In my experience, with a heavily loaded Jenkins server that's running on a VM that's on a heavily loaded Hypervisor that's accessed over a heavily loaded corporate WAN, I don't need to act "fast" to be faster than the Jenkins UI - the Jenkins UI can be very slow. I guess it's possible that Jenkins was so slow that it might not have finished loading pages despite me waiting...