If you enable "Prevent Cross Site Request Forgery exploits" in Jenkins, it starts sending .crumb header with csrf token.
However, by default Nginx accepts only alpha-numeric headers.
This change allowed Nginx to pass this header through.
Otherwise Jenkins will begin cursing with "403 No valid crumb included in request".
klen
commented
9 years ago
If you enable "Prevent Cross Site Request Forgery exploits" in Jenkins, it starts sending
.crumbheader with csrf token. However, by default Nginx accepts only alpha-numeric headers. This change allowed Nginx to pass this header through. Otherwise Jenkins will begin cursing with "403 No valid crumb included in request".