I've been bitten by the security fix in Jenkins LTS 2.176.3 to the CSRF 
protection, specifically the tying of a crumb to the session ID it was 
generated in.

There is a note in the upgrade guide 
<https://jenkins.io/doc/upgrade-guide/2.176/#SECURITY-626> which suggests I 
can trigger builds using an API token without requiring a crumb, which is 
pretty much what I want to be able to do.  It appears that I should be able 
to do this by sending a POST of the form: http://<username>:<API 
Token>@<Jenkins job URL>/build

 But I always get back a 403 No valid crumb was included in the request, 
which while 100% accurate was not what I expected.

Any idea how I can do this?

You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 

Reply via email to