Gitlab web hook fails when Cross Site Request Forgery protection is active #30

Closed
jcsirot opened this Issue Jun 16, 2014 · 6 comments

jcsirot commented Jun 16, 2014

When the CSRF protection is set in Jenkins security config, the web hook requests fail with this error:

Jun 9, 2014 9:31:58 AM hudson.security.csrf.CrumbFilter doFilter
WARNING: No valid crumb was included in request for /gitlab/notify_commit. Returning 403.

This is caused by the POST request which does not use a crumb.

A simple fix could be implementing a CrumbExclusion in the plugin like the gitbucket plugin
(see https://github.com/jenkinsci/gitbucket-plugin/blob/master/src%2Fmain%2Fjava%2Forg%2Fjenkinsci%2Fplugins%2Fgitbucket%2FGitBucketWebHook.java)

(I already opened a ticket in Jenkins JIRA JENKINS-23370; but maybe here is a better place)
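
A narrowly scoped version of the CrumbExclusion approach suggested above, as an added example that is not part of the original issue or the plugin's own code. The class name is hypothetical, the path is taken from the log line in the report, and the `javax.servlet` imports assume the servlet API Jenkins used at the time of this issue.

```java
import hudson.Extension;
import hudson.security.csrf.CrumbExclusion;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Added example (hypothetical class name): exempts only the webhook
 * endpoint from crumb checking, leaving every other path protected.
 */
@Extension
public class GitlabHookCrumbExclusion extends CrumbExclusion {

    // Path taken from the CrumbFilter warning quoted in the report.
    private static final String HOOK_PATH = "/gitlab/notify_commit";

    @Override
    public boolean process(HttpServletRequest request,
                           HttpServletResponse response,
                           FilterChain chain)
            throws IOException, ServletException {
        String pathInfo = request.getPathInfo();

        // Exact match on POST only. A prefix match such as
        // startsWith("/gitlab") would also exempt any other action
        // later routed under that prefix.
        if ("POST".equals(request.getMethod()) && HOOK_PATH.equals(pathInfo)) {
            chain.doFilter(request, response); // continue without a crumb
            return true;                       // tell CrumbFilter we handled it
        }

        // Anything else falls through to the normal crumb check.
        return false;
    }
}
```

With the crumb check skipped for this path, the handler behind it is the only code validating the incoming request. A request with a trailing slash or any other variation of the path does not match and still receives the 403.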

Owner

elvanja commented Jun 17, 2014

👍 agree, will see how to accomplish it...

@elvanja elvanja added enhancement and removed duplicate labels Jun 17, 2014

elvanja added a commit that referenced this issue Jul 13, 2014

issue #30 related
added crumb exclusion for the hook
Owner

elvanja commented Jul 15, 2014

Version 1.1.0 has this resolved. If the plugin version doesn't come up on Manage Plugins page, you can install manually from http://repo.jenkins-ci.org/releases/org/jenkins-ci/ruby-plugins/gitlab-hook/1.1.0/.

@elvanja elvanja closed this Jul 15, 2014


Nosxxx commented Oct 27, 2015

Same Problem now again.


daikaixian commented Aug 23, 2016

Same Problem now again.


MaikoHermans commented Aug 25, 2016

@daikaixian I second this


matt-dalton commented Sep 30, 2016

Also found this
