Jenkins -> 403 No valid crumb was included in the request #2067

Closed
RTBathula opened this issue Oct 27, 2017 · 27 comments

@RTBathula

commented Oct 27, 2017

When I integrated Jenkins through halyard and executed the pipeline, the pipeline is failing with the error
403 No valid crumb was included in the request.

I have read https://stackoverflow.com/questions/44711696/spinnaker-403-no-valid-crumb-was-included-in-the-request. But disabling "Prevent Cross Site Request Forgery exploits" is not a good option.

My Cloud Provider
Installed halyard in a Google Cloud VM and deployed all Spinnaker components in a Kubernetes cluster which is also running in GCP.

Additional details: I configured the Jenkins URL, username and password through halyard
Ref -> https://www.spinnaker.io/reference/halyard/commands/#hal-config-ci-jenkins-master-add

@emptywee

This comment has been minimized.

@jtk54 jtk54 self-assigned this Feb 8, 2018

@jtk54

Contributor

commented Feb 8, 2018

I came across the same issue today. Igor's Jenkins integration doesn't mediate the CSRF crumbs at all. I'm looking into fixing this.

@jtk54

Contributor

commented Feb 9, 2018

@alexfmanihuruk

commented Jul 25, 2018

I used a valid crumb as a header, but still get the error
403 No valid crumb was included in the request

@2kewl4u

commented Jul 25, 2018

I came along this issue when we changed Jenkins to be accessible via reverse proxy.

There is an option in the "Global Security Settings" that "Enables the Compatibility Mode for proxies". This helped with my issue.

@mlescaudron

commented Aug 15, 2018

Same issue with GitHub payload; "Enables the Compatibility Mode for proxies" doesn't solve the problem.

@SimonSDA

commented Sep 7, 2018

I get this randomly trying to apply or save a Jenkins job. After several more goes it eventually works :/

@vidibon2000

commented Oct 14, 2018

I had the same issue. What I did was access Jenkins as I did before enabling my reverse proxy (i.e. using the server IP and port directly), then selected the "Enable the Compatibility Mode for proxies" setting. It saved successfully, then I re-enabled my proxy and henceforth no issues.

@jtk54

Contributor

commented Oct 15, 2018

Care to submit a PR to the docs describing the extra proxy settings?

@abdennour

commented Nov 3, 2018

I opened Jenkins and started configuring a new item.
I went shopping and returned after ~3 hours. I resumed the configuration of the new item and saw the same error (403) when I added the Git repo URL. I refreshed the page and found that I was logged out.

The remediation is to sign in again.

@iranicus

commented Nov 18, 2018

Yeah, I just got hit by this for the first time today, having never seen it before. It seems like retrying the build a couple of times got past this, although it's rather annoying if it happens when the SCM is polled automatically by Jenkins, since we wouldn't know of the issue unless we checked.

@phlegx

commented Nov 26, 2018

I came along this issue when we changed Jenkins to be accessible via reverse proxy.

There is an option in the "Global Security Settings" that "Enables the Compatibility Mode for proxies". This helped with my issue.

Actually I have this "Enable proxy compatibility" enabled, but I still get the error. Only when I disable the CSRF Protection does it work. I will check my Nginx proxy settings again.

@phlegx

commented Nov 26, 2018

I now fixed some minor (non) issues in the Jenkins Nginx vhost. But no luck, I still get:

<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 403 No valid crumb was included in the request</title>
</head>
<body><h2>HTTP ERROR 403</h2>
<p>Problem accessing /script. Reason:
<pre>    No valid crumb was included in the request</pre></p><hr><a href="http://eclipse.org/jetty">Powered by Jetty:// 9.4.z-SNAPSHOT</a><hr/>

</body>
</html>

Basically this is how I call Jenkins (+ username and password):

curl -d "script=<your_script_here>" https://jenkins/script

@damontic

commented Nov 27, 2018

If you have this error after adding a Jenkins for CI, make sure that you add the Jenkins server specifying --csrf true in the "hal config ci jenkins master add ... --csrf true" command.
This worked for me with Spinnaker 1.9.5.

@SimonSDA

commented Dec 13, 2018

Further to this, it seems to happen if either an unsaved job config is left open for a while and attempting to Apply/Save, or if the Script Console window is left open for a certain amount of time and Run is clicked. Very annoying...

@ykfq

commented Jan 16, 2019

Check this setting in Global Security Settings - CSRF Protection

@Vladimir-csp

commented Jan 21, 2019

I have this problem after upgrading to 2.160 on FreeBSD; any action requiring POST seems to trigger this error. Proxy compatibility option is checked (and was checked before), had to downgrade. Jenkins sits behind nginx and uses AD auth plugin.

@ChristianCiach

commented Feb 4, 2019

Yep. Our Jenkins behind Nginx broke today after updating from 2.159-1 to 2.163-1.

The nginx is configured exactly like the wiki says, so I don't know how to fix that.

@jtk54

Contributor

commented Feb 4, 2019

For the folks that had this happen after upgrading, can you narrow down the version in which the breakage happens and describe how it manifested? E.g. igor logs or error responses to requests would help.

@pavel-machyniak

commented Feb 14, 2019

Exactly the same problem here, no POST action possible. Version 2.16 & 2.164. After manual downgrade to 2.159 it works fine. Unfortunately can't find anything useful in the logs.

Behaviour: all HTTP GET actions work just fine, but anything happening via HTTP POST action resolves to 403/"No valid crumb was included in the request"

@ChristianCiach

commented Feb 14, 2019

For the other people finding this issue through Google:

For us, the culprit was the Kerberos SSO plugin. This bug is already reported at the Jenkins issue tracker:

https://issues.jenkins-ci.org/browse/JENKINS-55698
https://issues.jenkins-ci.org/browse/JENKINS-55974

Edit: That being said, the issue is supposedly fixed in Kerberos SSO 1.5, released about three hours ago.

@SuryaShailendra

commented Feb 16, 2019

Uncheck the "Enable security" option in Configure Global Security.

@SantoshKumarA

commented Feb 18, 2019

Exactly the same problem here, no POST action possible. Version 2.16 & 2.164. After manual downgrade to 2.159 it works fine. Unfortunately can't find anything useful in the logs.

Behaviour: all HTTP GET actions work just fine, but anything happening via HTTP POST action resolves to 403/"No valid crumb was included in the request"

For me, it just worked after removing "Prevent Cross Site Request Forgery exploits".

@SantoshKumarA

commented Feb 18, 2019

Uncheck the "Enable security" option in Configure Global Security.

This too worked, but it opens up anyone to trigger the build.

@pavel-machyniak

commented Feb 18, 2019

Just upgrade the broken Kerberos SSO plugin to 1.5 as pointed out by ChristianCiach. It works instantly.

@SantoshKumarA

commented Feb 18, 2019

Check if this helps (curl request that keeps the CSRF security in place)
Solution to No valid crumb was included in the request
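
A sketch of a scripted POST that keeps CSRF protection enabled, given here as an added example that is not part of any comment in this thread: it asks the Jenkins crumb issuer for the header, checks that the reply really is a header line rather than an HTML error page, and reuses the same session cookie for the POST. `JENKINS_URL`, `JENKINS_USER`, `JENKINS_TOKEN` and the job path are placeholders, and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. JENKINS_URL, JENKINS_USER, JENKINS_TOKEN
# and the job path used at the bottom are placeholders (assumptions).

# Accept only one "Header-Name:value" line. A login page or 403 HTML body
# returned by a proxy or an expired session must never be passed to curl -H.
valid_crumb_header() {
  case "$1" in
    ''|*'<'*) return 1 ;;
  esac
  [ $(printf '%s\n' "$1" | wc -l) -eq 1 ] || return 1
  name=${1%%:*}
  value=${1#*:}
  [ "$name" != "$1" ] || return 1   # no colon present
  [ -n "$value" ] || return 1       # empty crumb
  case "$name" in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
  return 0
}

# Ask the crumb issuer for "<crumbRequestField>:<crumb>" and store the session
# cookie in jar $1, since newer Jenkins releases tie the crumb to the session.
fetch_crumb() {
  curl -fsS -u "$JENKINS_USER:$JENKINS_TOKEN" -c "$1" \
    "$JENKINS_URL/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,%22:%22,//crumb)"
}

# POST to path $1 with the crumb header and the same session cookie.
post_with_crumb() {
  path=$1; shift
  jar=$(mktemp) || return 1
  if header=$(fetch_crumb "$jar") && valid_crumb_header "$header"; then
    curl -fsS -u "$JENKINS_USER:$JENKINS_TOKEN" -b "$jar" -H "$header" \
      -X POST "$@" "$JENKINS_URL$path"
    rc=$?
  else
    echo "crumb issuer did not return a usable header; check login and proxy" >&2
    rc=1
  fi
  rm -f "$jar"
  return $rc
}

# Runs only when a server is configured; /job/example-job/build is hypothetical.
if [ -n "${JENKINS_URL:-}" ]; then
  post_with_crumb /job/example-job/build
fi
```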

@rajatrj16

commented May 8, 2019

Enabling this will work.
This could happen if your G Suite is blocking it.
Use <smtp.sendgrid.com> or any other SMTP service instead.
