jenkins.io icon indicating copy to clipboard operation
jenkins.io copied to clipboard

Published 20 hours ago verified publisher icon jenkins-infra

Update CSRF related content

Open MarkEWaite opened this issue 4 years ago • 1 comments

The existing CSRF documentation on www.jenkins.io should be updated or rewritten from scratch.

Some references that can assist with the update and/or rewrite:

  • https://www.jenkins.io/changelog/#v2.222 made the crumb issuer always present, it no longer needs to be enabled. https://www.jenkins.io/doc/upgrade-guide/2.222/#always-enabled-csrf-protection explains some compatibility considerations.
  • Since https://www.jenkins.io/changelog-old/#v2.96 the remote API no longer requires crumbs when using API tokens instead of passwords for authentication. https://www.jenkins.io/doc/upgrade-guide/2.176/#SECURITY-626 explains limitations when trying to use the remote API with a password in recent releases.

MarkEWaite avatar May 14 '20 20:05 MarkEWaite

I'm working on it.

getJv avatar Jun 06 '20 23:06 getJv