If you enable "Prevent Cross Site Request Forgery exploits" in Jenkins, it starts sending .crumb header with csrf token.
However, by default Nginx accepts only alpha-numeric headers.
This change allowed Nginx to pass this header through.
Otherwise Jenkins will begin cursing with "403 No valid crumb included in request".
If you enable "Prevent Cross Site Request Forgery exploits" in Jenkins, it starts sending
.crumb
header with csrf token. However, by default Nginx accepts only alpha-numeric headers. This change allowed Nginx to pass this header through. Otherwise Jenkins will begin cursing with "403 No valid crumb included in request".