
Adds a CrumbExclusion for the GitHub WebHook page

The GitHub webhook endpoint should not be protected by the CSRF protection
built into Jenkins. This commit adds a CrumbExclusion filter so that the endpoint
created by c.c.j.GitHubWebHook is not protected using the CSRF crumb protection scheme.

Bumps the Jenkins API version to the minimum required for CrumbExclusion.
lukegb committed Oct 24, 2013
1 parent 0604bac commit 5c2a04169171cb8e36da7ba39c4003aa318c74cb
@@ -3,7 +3,7 @@

@@ -37,6 +37,7 @@
public class GitHubWebHook implements UnprotectedRootAction {
private static final Pattern REPOSITORY_NAME_PATTERN = Pattern.compile("https?://([^/]+)/([^/]+)/([^/]+)");
public static final String URLNAME = "github-webhook";

public String getIconFileName() {
return null;
@@ -47,7 +48,7 @@ public String getDisplayName() {

public String getUrlName() {
return "github-webhook";
return URLNAME;

@@ -0,0 +1,32 @@
package com.cloudbees.jenkins;

import hudson.Extension;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import java.util.logging.Logger;

public class GitHubWebHookCrumbExclusion extends CrumbExclusion {

private static final Logger LOGGER = Logger.getLogger("com.cloudbees.jenkins.GitHubWebHookCrumbExclusion");

public boolean process(HttpServletRequest req, HttpServletResponse resp, FilterChain chain) throws IOException, ServletException {
String pathInfo = req.getPathInfo();
if (pathInfo != null && pathInfo.equals(getExclusionPath())) {
chain.doFilter(req, resp);
return true;
return false;

public String getExclusionPath() {
return "/" + GitHubWebHook.URLNAME + "/";
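Review bot: Nothing visible in this commit says what authenticates a request once `process` passes `/github-webhook/` down the chain without a crumb, so the class should document the compensating control, e.g. `/** Exempts only the GitHub webhook path from crumb checks; the webhook handler must validate the origin of the payload itself. */`. The exact comparison `pathInfo.equals(getExclusionPath())` keeps the exemption narrow, which is worth preserving, but a delivery whose path info is `/github-webhook` without the trailing slash would presumably not match and would still hit the crumb check. Normalizing before the comparison, `if (pathInfo != null && !pathInfo.endsWith("/")) pathInfo += "/";`, covers that case without widening to a prefix match. `LOGGER` is declared but not used in the lines shown; logging excluded requests at a fine level would help when auditing which requests bypass the crumb. The rendering seems to have dropped some lines of this file (closing braces, possibly annotations and imports), so these remarks rest only on what is visible.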
