CentOS
jenkins package

Add CSRF token support

Bug #1732464 reported by Jakub Josef
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Python Jenkins
New
Undecided
Unassigned
jenkins (CentOS)
New
Undecided
Unassigned

Bug Description

Hi everyone,
we faced an issue with enable CSRF protection in Jenkins 2.89.
If we have this protection enabled call of build_job function from Python Jenkins fails with no error output. Call ends successfully without any log message, error or something like that. But no pipeline was triggered in Jenkins.

Disabling the protection in Jenkins will fix everything.

Do you have any plan to implement this feature? I can implement on my own too, i just want to ask if there is any existing way to fix it.

Thanks for your attention.

Revision history for this message
LINUS (linus20201) wrote :

Lets's Fix by ourself

Revision history for this message
Michael (wattersm) wrote :

I am also having this issue with Jenkins 2.249.2. Submitting a build using the python-jenkins module results in a 403 error from Jenkins which is behind an nginx proxy. The same request submitted using the HTTP GET method *will* work as shown below.

# 997 curl -v -X POST 'https://jenkins.example.com/job/openssh/buildWithParameters?cause=Test+Build&REPO=git%3A%2F%2Fpagure.example.com%2Fpuppet%2Fopenssh.git&BRANCH=master&BRANCH_TO=ssh_template_test&token=0KNNDFLIGOBW5WYOP7GBG5TZ4ZZO0WPB'

# 998 curl -v -X GET 'https://jenkins.example.com/job/openssh/buildWithParameters?cause=Test+Build&REPO=git%3A%2F%2Fpagure.example.com%2Fpuppet%2Fopenssh.git&BRANCH=master&BRANCH_TO=ssh_template_test&token=0KNNDFLIGOBW5WYOP7GBG5TZ4ZZO0WPB'

#10.201.64.43 - - [13/Oct/2020:08:53:28 -0400] "GET /job/openssh/buildWithParameters?cause=Test+Build&REPO=git%3A%2F%2Fpagure.example.com%2Fpuppet%2Fopenssh.git&BRANCH=master&BRANCH_TO=ssh_template_test&token=0KNNDFLIGOBW5WYOP7GBG5TZ4ZZO0WPB HTTP/1.1" 201 5 "-" "curl/7.29.0" "-"

#10.201.64.43 - - [13/Oct/2020:08:53:11 -0400] "POST /job/openssh/buildWithParameters?cause=Test+Build&REPO=git%3A%2F%2Fpagure.example.com%2Fpuppet%2Fopenssh.git&BRANCH=master&BRANCH_TO=ssh_template_test&token=0KNNDFLIGOBW5WYOP7GBG5TZ4ZZO0WPB HTTP/1.1" 403 578 "-" "curl/7.29.0" "-"

I also created a simple test script based on the lib_ci.py module from pagure which also receives a 403 error when submitting a build. The script is attached for reference.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.