gradle-jenkins-plugin icon indicating copy to clipboard operation
gradle-jenkins-plugin copied to clipboard

Published 20 hours ago verified publisher icon ghale

Jenkins 2.0 and Gradle 2.13 "No valid crumb was included in the request"

Open emartynov opened this issue 8 years ago • 9 comments

I don't know if it is a coincidence of two tools newest versions.

I'm getting error when trying to update jenkins items:

17:48:52.012 [DEBUG] [groovyx.net.http.RESTClient] POST http://localhost:8080/createItem?name=android-lov-545-login-tree-structure
17:48:52.012 [DEBUG] [org.apache.http.impl.conn.BasicClientConnectionManager] Get connection for route {}->http://localhost:8080
17:48:52.012 [DEBUG] [org.apache.http.impl.client.DefaultHttpClient] Stale connection check
17:48:52.014 [DEBUG] [org.apache.http.client.protocol.RequestAddCookies] CookieSpec selected: default
17:48:52.014 [DEBUG] [org.apache.http.client.protocol.RequestAuthCache] Auth cache not set in the context
17:48:52.014 [DEBUG] [org.apache.http.client.protocol.RequestTargetAuthentication] Target auth state: UNCHALLENGED
17:48:52.014 [DEBUG] [org.apache.http.client.protocol.RequestProxyAuthentication] Proxy auth state: UNCHALLENGED
17:48:52.014 [DEBUG] [org.apache.http.impl.client.DefaultHttpClient] Attempt 1 to execute request
17:48:52.014 [DEBUG] [org.apache.http.impl.conn.DefaultClientConnection] Sending request: POST /createItem?name=android-lov-545-login-tree-structure HTTP/1.1
17:48:52.117 [DEBUG] [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 403 No valid crumb was included in the request

emartynov avatar Apr 29 '16 15:04 emartynov

Disabling security on the Jenkins server allowed me to work around this.

page: http://localhost:8080/configureSecurity/

options I changed

  • "Enable security":false
  • "Prevent Cross Site Request Forgery exploits":false

Depending on your use case that might not be acceptable though.

I'm using Jenking 2.0 (downloaded on 2016-04-28).

feyrob avatar Apr 29 '16 16:04 feyrob

Thanks, I found the same solution and it is acceptable for our case.

emartynov avatar May 02 '16 08:05 emartynov

Thanks @feyrob . Your answer help us a lot.

tianxiexingyun avatar Oct 13 '16 10:10 tianxiexingyun

Only setting "Prevent Cross Site Request Forgery exploits" to false worked for me, no need to disable global security entirely. Jenkins 2.7.4.

atom-b avatar Nov 17 '16 00:11 atom-b

Thansk @feyrob ..It Worked...

pjois14 avatar Mar 15 '17 12:03 pjois14

I don't like the solutions above for security reasons so no need to disable security stuff as shown here: http://www.inanzzz.com/index.php/post/jnrg/running-jenkins-build-via-command-line

bentcoder avatar Jun 04 '17 12:06 bentcoder

It would be great if the plugin would generate a crumb on its own. Having to turn off "Prevent Cross Site Request Forgery exploits" to get around this issue seems too much.

costimuraru avatar Sep 21 '17 22:09 costimuraru

Only setting "Prevent Cross Site Request Forgery exploits" to false worked for me too

gotoworld avatar Oct 24 '17 05:10 gotoworld

Corrected here for version 1.4.3: https://github.com/crc83/gradle-jenkins-plugin You may find this plugin here https://plugins.gradle.org/plugin/com.sbelei.jenkins

crc83 avatar Dec 08 '17 09:12 crc83