Hi, I've been bitten by the security fix in Jenkins LTS 2.176.3 to the CSRF protection, specifically the tying of a crumb to the session ID it was generated in.
There is a note in the upgrade guide <https://jenkins.io/doc/upgrade-guide/2.176/#SECURITY-626> which suggests I can trigger builds using an API token without requiring a crumb, which is pretty much what I want to be able to do. It appears that I should be able to do this by sending a POST of the form: http://<username>:<API Token>@<Jenkins job URL>/build But I always get back a 403 No valid crumb was included in the request, which while 100% accurate was not what I expected. Any idea how I can do this? -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/97c3ff89-83ab-42f9-bb89-72922a940383%40googlegroups.com.
