Cannot access crumbIssuer with anonymous access turned off without passing authentication parameters?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Cannot access crumbIssuer with anonymous access turned off without passing authentication parameters?

Eric B
I have enabled CSRF in Jenkins with the Default Crumb Issuer enabled.  I have disabled all anonymous access to my instance of Jenkins.

I am looking to make an API call to trigger a build using a Token.  This API is a POST method and consequently, I need to first retrieve a bread crumb.  However the /crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb) rejects any non-authenticated requests.

Is there anyway to make the crumbIssuer endpoint open to anonymous access?  I would like to retrieve the crumb that is needed for the POST without needing to pass a user's credentials.

I reopened JENKINS-31515 with respect to this exact issue.

Is something like this even feasible?

Thanks,

Eric

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/bd178eab-44d6-43ee-a24a-feeb9b910e70%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.