Skip to content
Permalink
Browse files

[JENKINS-34350] Fix POST to /git/notifyCommit with CSRF protection on

  • Loading branch information...
liskin committed Apr 21, 2017
1 parent bc51d27 commit 8ac8cc9e89809132355d701586babb9c19f1b88c
Showing with 32 additions and 0 deletions.
  1. +32 −0 src/main/java/hudson/plugins/git/GitStatusCrumbExclusion.java
@@ -0,0 +1,32 @@
package hudson.plugins.git;

import hudson.Extension;
import hudson.security.csrf.CrumbExclusion;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
* Make POST to /git/notifyCommit work with CSRF protection on.
*/
@Extension
public class GitStatusCrumbExclusion extends CrumbExclusion {

@Override
public boolean process(HttpServletRequest req, HttpServletResponse resp, FilterChain chain)
throws IOException, ServletException {
String pathInfo = req.getPathInfo();
if (pathInfo != null && pathInfo.equals(getExclusionPath())) {
chain.doFilter(req, resp);
return true;
}
return false;
}

public String getExclusionPath() {
return "/git/notifyCommit";
}
}

0 comments on commit 8ac8cc9

Please sign in to comment.
You can’t perform that action at this time.