I have enabled CSRF in Jenkins with the Default Crumb Issuer enabled. I have disabled all anonymous access to my instance of Jenkins.
I am looking to make an API call to trigger a build using a Token. This API is a POST method and consequently, I need to first retrieve a bread crumb. However the /crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb) rejects any non-authenticated requests. Is there anyway to make the crumbIssuer endpoint open to anonymous access? I would like to retrieve the crumb that is needed for the POST without needing to pass a user's credentials. I reopened JENKINS-31515 with respect to this exact issue. Is something like this even feasible? Thanks, Eric -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/bd178eab-44d6-43ee-a24a-feeb9b910e70%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
