Open ToShared opened 3 years ago
I solved this problem
The higher version of Jenkins opens CRFS by default
run this shell hudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION = true
@ToShared Where should I run that shell command?
Where should I run that shell command?
Here http://localhost:8080/script
To disable CSRF, it can be done with groovy, open "Manage Jenkins" / "Script Console"
import jenkins.model.Jenkins
def instance = Jenkins.instance
instance.setCrumbIssuer(null)
Problem persists after executing both scripts on 2,280. Any updates?
New feedback, I'm using Jenkins version 2.289.1, met the same issue and solved by running shell
hudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION = true
thanks a lot!
Why do people think disabling CSRF protection is an acceptable workaround? We should not have to reduce our security posture just to use this API client.
will this project update for CSRF? I meet same issue when build job
resolved generate a user token from jenkins panel and new JenkinsServer() with username and token
JenkinsServer jenkins = new JenkinsServer(new URI("url"), JENKINS_USERNAME, JENKINS_PASSWORD);
if (jenkins.isRunning()) { jenkins.getJob(JENKINS_JOB).build(); System.out.println(jenkins.getJob(JENKINS_JOB).getLastBuild().details().getResult()); }
i set the correct username and password. but still status code: 403, reason phrase: Forbiddenthe jenkins user is super admin