Gitlab web hook fails when Cross Site Request Forgery protection is active

[jcsirot]

When the CSRF protection is set in Jenkins security config, the web hook requests fail with this error:

Jun 9, 2014 9:31:58 AM hudson.security.csrf.CrumbFilter doFilter
WARNING: No valid crumb was included in request for /gitlab/notify_commit. Returning 403.

This is caused by the POST request which does not use a crumb.

A simple fix could be implementing a CrumbExclusion in the plugin like the gitbucket plugin
(see https://github.com/jenkinsci/gitbucket-plugin/blob/master/src%2Fmain%2Fjava%2Forg%2Fjenkinsci%2Fplugins%2Fgitbucket%2FGitBucketWebHook.java)

(I already opened a ticket in Jenkins JIRA JENKINS-23370; but maybe here is a better place)

[elvanja]

👍 agree, will see how to accomplish it...

[elvanja]

Version 1.1.0 has this resolved. If the plugin version doesn't come up on Manage Plugins page, you can install manually from http://repo.jenkins-ci.org/releases/org/jenkins-ci/ruby-plugins/gitlab-hook/1.1.0/.

[Kraeutergarten]

Same Problem now again.

[daikaixian]

Same Problem now again.

[MaikoHermans]

@daikaixian I second this

[matt-dalton]

Also found this