I have enabled CSRF in Jenkins with the Default Crumb Issuer enabled. I have disabled all anonymous access to my instance of Jenkins.
I am looking to make an API call to trigger a build using a Token. This API is a POST method and consequently, I need to first retrieve a bread crumb. However the /crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb) rejects any non-authenticated requests.
Is there anyway to make the crumbIssuer endpoint open to anonymous access? I would like to retrieve the crumb that is needed for the POST without needing to pass a user's credentials.
I reopened JENKINS-31515 with respect to this exact issue.
Is something like this even feasible?
Thanks,
Eric