|
||||||||
|
This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira |
||||||||
- [JIRA] (JENKINS-12875) "No valid crumb w... [email protected] (JIRA)
- [JIRA] (JENKINS-12875) "No valid cr... [email protected] (JIRA)
- [JIRA] (JENKINS-12875) "No valid cr... [email protected] (JIRA)
- [JIRA] (JENKINS-12875) "No valid cr... [email protected] (JIRA)
- [JIRA] (JENKINS-12875) "No valid cr... [email protected] (JIRA)
I reproduced the problem with a simple nginx reverse proxy and csrf enabled.
The problem is that jenkins stores its' csrf token in a http header called '.crumb', AFAIK headers must only contain alphanumerics and dashes, and nginx will remove invalid headers from the request (unless configured not to).
Sooo, a workaround is to use ignore_invalid_headers in nginx or disable csrf protection until patched.
I'll post a pull request shortly