Omit crumb when triggering build remotely?


Daniel Lo Nigro

Apr 29, 2017, 3:09:44 AM
to Jenkins Users
I have a job that I'm triggering remotely using the "Trigger builds remotely" trigger along with an authentication token. However, even though the authentication token is required as part of the request, I still need to acquire a crumb using /crumbIssuer/api/json and pass it in the Jenkins-Crumb header. 

That seems unnecessary - the purpose of the crumb is to avoid CSRF attacks, but that's already achieved through the authentication token (assuming the token is kept secret).

Is there a way I can avoid having to acquire and pass the Jenkins-Crumb for remotely triggering builds, without totally disabling CSRF protection (which is useful for the web UI)?

Thanks!
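The two-step flow described in the post above (fetch a crumb from /crumbIssuer/api/json, then send it in the Jenkins-Crumb header with the token-authenticated trigger), as an added example that is not part of the original post or of Jenkins itself. It assumes the trigger URL form `/job/<name>/build?token=<token>` and a crumb response with `crumb` and `crumbRequestField` fields; the function names, the `jenkins.example` host and the sample JSON are constructed for illustration.

```python
import base64
import json
import urllib.parse
import urllib.request
from http.cookiejar import CookieJar

# Constructed sample of a /crumbIssuer/api/json response body (not real output).
SAMPLE_CRUMB_JSON = '{"crumb": "0123abcd", "crumbRequestField": "Jenkins-Crumb"}'


def parse_crumb(body):
    """Return (header_name, crumb_value) from a crumb issuer JSON body."""
    data = json.loads(body)
    crumb = data.get("crumb")
    if not crumb:
        raise ValueError("crumb issuer response has no 'crumb' field")
    # Use the header name the server announces; fall back to the one in the post.
    return data.get("crumbRequestField") or "Jenkins-Crumb", crumb


def build_trigger(base_url, job, token, crumb_body):
    """Return (url, headers) for the POST that starts a top-level job."""
    name, value = parse_crumb(crumb_body)
    # Quote the job name and token so odd characters cannot alter the path
    # or add parameters. The token travels in the URL, so it can end up in
    # proxy and access logs: use HTTPS and treat those logs as sensitive.
    url = "%s/job/%s/build?%s" % (
        base_url.rstrip("/"),
        urllib.parse.quote(job, safe=""),
        urllib.parse.urlencode({"token": token}),
    )
    return url, {name: value}


def trigger(base_url, job, token, user=None, api_token=None):
    """Fetch a crumb, then POST the trigger, sharing one cookie jar so both
    requests belong to the same session (assumption: the instance may bind
    the crumb to the session)."""
    opener = urllib.request.build_opener(
        urllib.request.HTTPCookieProcessor(CookieJar()))
    if user:  # optional basic auth where anonymous users cannot read the crumb
        cred = base64.b64encode(("%s:%s" % (user, api_token)).encode()).decode()
        opener.addheaders = [("Authorization", "Basic " + cred)]
    with opener.open(base_url.rstrip("/") + "/crumbIssuer/api/json", timeout=10) as resp:
        body = resp.read().decode("utf-8")
    url, headers = build_trigger(base_url, job, token, body)
    req = urllib.request.Request(url, data=b"", headers=headers, method="POST")
    with opener.open(req, timeout=10) as resp:
        return resp.status  # HTTP status of the trigger request
```

Only `trigger()` touches the network; `parse_crumb()` and `build_trigger()` can be checked offline against the sample body.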

Mark Waite

Apr 29, 2017, 6:45:54 AM
to Jenkins Users
As far as I know, the code currently does not accept valid authentication instead of crumbs when CSRF protection is enabled. That is an open enhancement request, but has not been implemented yet.

Mark Waite
