[JIRA] (JENKINS-13038) HTML5 notifier plugin breaks Jenkins with CSRF protection
[ https://issues.jenkins-ci.org/browse/JENKINS-13038?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=161331#comment-161331 ] jieryn commented on JENKINS-13038: -- Prototype 1.7 was included in the base Jenkins install. Is this now a problem on the default install? I don't think this is an html5-notifier-plugin issue anymore.. HTML5 notifier plugin breaks Jenkins with CSRF protection - Key: JENKINS-13038 URL: https://issues.jenkins-ci.org/browse/JENKINS-13038 Project: Jenkins Issue Type: Bug Components: html5-notifier Environment: Jenkins 1.454 HTML5 Notifier Plugin 1.1 Reporter: mdp Assignee: jieryn Priority: Critical The prototype-1.7.js version included in the plugin replaces code from the patched Prototype included in core Jenkins. Result: with notifiers and CSRF protection enabled POSTs fail with 403. One easily visible example: trying to disable an installed plugin results in Status Code: 403 Exception: No valid crumb was included in the request displayed where the restart button should appear. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[JIRA] (JENKINS-13038) HTML5 notifier plugin breaks Jenkins with CSRF protection
[ https://issues.jenkins-ci.org/browse/JENKINS-13038?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] jieryn updated JENKINS-13038: - Assignee: (was: jieryn) Component/s: core (was: html5-notifier) HTML5 notifier plugin breaks Jenkins with CSRF protection - Key: JENKINS-13038 URL: https://issues.jenkins-ci.org/browse/JENKINS-13038 Project: Jenkins Issue Type: Bug Components: core Environment: Jenkins 1.454 HTML5 Notifier Plugin 1.1 Reporter: mdp Priority: Critical The prototype-1.7.js version included in the plugin replaces code from the patched Prototype included in core Jenkins. Result: with notifiers and CSRF protection enabled POSTs fail with 403. One easily visible example: trying to disable an installed plugin results in Status Code: 403 Exception: No valid crumb was included in the request displayed where the restart button should appear. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[JIRA] (JENKINS-13038) HTML5 notifier plugin breaks Jenkins with CSRF protection
[ https://issues.jenkins-ci.org/browse/JENKINS-13038?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] jieryn resolved JENKINS-13038. -- Resolution: Fixed html5-notifier-plugin:1.2 was released: http://maven.jenkins-ci.org/content/repositories/releases/org/jenkins-ci/plugins/html5-notifier-plugin/1.2/ HTML5 notifier plugin breaks Jenkins with CSRF protection - Key: JENKINS-13038 URL: https://issues.jenkins-ci.org/browse/JENKINS-13038 Project: Jenkins Issue Type: Bug Components: core Environment: Jenkins 1.454 HTML5 Notifier Plugin 1.1 Reporter: mdp Priority: Critical The prototype-1.7.js version included in the plugin replaces code from the patched Prototype included in core Jenkins. Result: with notifiers and CSRF protection enabled POSTs fail with 403. One easily visible example: trying to disable an installed plugin results in Status Code: 403 Exception: No valid crumb was included in the request displayed where the restart button should appear. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[JIRA] (JENKINS-13038) HTML5 notifier plugin breaks Jenkins with CSRF protection
mdp created JENKINS-13038: - Summary: HTML5 notifier plugin breaks Jenkins with CSRF protection Key: JENKINS-13038 URL: https://issues.jenkins-ci.org/browse/JENKINS-13038 Project: Jenkins Issue Type: Bug Components: html5-notifier Environment: Jenkins 1.454 HTML5 Notifier Plugin 1.1 Reporter: mdp Assignee: jieryn Priority: Critical The prototype-1.7.js version included in the plugin replaces code from the patched Prototype included in core Jenkins. Result: with notifiers and CSRF protection enabled POSTs fail with 403. One easily visible example: trying to disable an installed plugin results in Status Code: 403 Exception: No valid crumb was included in the request displayed where the restart button should appear. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira