Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Adds a CrumbExclusion for the GitHub WebHook page
The GitHub webhook endpoint should not be protected by the CSRF protection built into Jenkins. This commit adds a CrumbExclusion filter so that the endpoint created by c.c.j.GitHubWebHook is not protected using the CSRF crumb protection scheme. Bumps Jenkins API version minimum amount required for CrumbExclusion.
- Loading branch information
Showing
3 changed files
with
35 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
32 changes: 32 additions & 0 deletions
32
src/main/java/com/cloudbees/jenkins/GitHubWebHookCrumbExclusion.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| package com.cloudbees.jenkins; | ||
|
|
||
| import hudson.Extension; | ||
| import hudson.security.csrf.CrumbExclusion; | ||
|
|
||
| import javax.servlet.FilterChain; | ||
| import javax.servlet.ServletException; | ||
| import javax.servlet.http.HttpServletRequest; | ||
| import javax.servlet.http.HttpServletResponse; | ||
|
|
||
| import java.io.IOException; | ||
| import java.util.logging.Logger; | ||
|
|
||
| @Extension | ||
| public class GitHubWebHookCrumbExclusion extends CrumbExclusion { | ||
|
|
||
| private static final Logger LOGGER = Logger.getLogger("com.cloudbees.jenkins.GitHubWebHookCrumbExclusion"); | ||
|
|
||
| @Override | ||
| public boolean process(HttpServletRequest req, HttpServletResponse resp, FilterChain chain) throws IOException, ServletException { | ||
| String pathInfo = req.getPathInfo(); | ||
| if (pathInfo != null && pathInfo.equals(getExclusionPath())) { | ||
| chain.doFilter(req, resp); | ||
| return true; | ||
| } | ||
| return false; | ||
| } | ||
|
|
||
| public String getExclusionPath() { | ||
| return "/" + GitHubWebHook.URLNAME + "/"; | ||
| } | ||
| } |