|
||||||||
|
This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira |
||||||||
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
I wonder if it makes sense for there to be an implicit CrumbExclusion for any UnprotectedRootAction. Or if the crumb filter could safely be relaxed to ignore requests carrying either no authentication (in which case presumably the request cannot be doing anything harmful), or BASIC authentication using the API token (which presumably would not be loaded into browser credentials and available for malicious scripts). Probably someone more expert in web security needs to weigh in on this.