jenkins error: "no valid crumb was included in the request"

一、问题描述(Problem Description):

在jenkins中创建新任务时候选择“拷贝已存在任务”,点击OK,跳转到下一步时候弹出如下错误信息:"No valid crumb was included in the request"

jenkins new job -> copy existing job -> click OK -> "No valid crumb was included in the request"

 

二、运行环境(Environment):

apache + jboss-as-7.1.1.Final,Windows XP SP3,jdk 1.6.0_33

 

三、错误原因(Reason):

jenkins在http请求头部中放置了一个名为.crumb的token。在使用了反向代理,并且在jenkins设置中勾选了“防止跨站点请求伪造(Prevent Cross Site Request Forgery exploits”之后此token会被转发服务器apache/nginx认为是不合法头部而去掉。导致跳转失败。

The problem is that jenkins stores its' csrf token in a http header called '.crumb', AFAIK headers must only contain alphanumerics and dashes, and apache/nginx will remove invalid headers from the request (unless configured not to).

 

四、解决方案(Solution):

1.在apache/nginx中设置ignore_invalid_headers,或者:

2.在jenkins全局安全设置中取消勾选“防止跨站点请求伪造(Prevent Cross Site Request Forgery exploits”。

1.Set ignore_invalid_headers in your apache/nginx server, or:

2.Uncheck "Prevent Cross Site Request Forgery exploits" in jenkins global security settings.

 

【参考资料(References)】

https://issues.jenkins-ci.org/browse/JENKINS-12875

http://en.wikipedia.org/wiki/Cross-site_request_forgery

http://www.cnblogs.com/hyddd/archive/2009/04/09/1432744.html

posted @ 2017-03-30 14:10  脚本小娃子  阅读(1550)  评论(0编辑  收藏  举报