POST API calls '403 No valid crumb was included in the request'


Expected Behavior

Use the jenkins-rest lib with user/password credentials to perform GET or POST underlying Rest API calls

Current Behavior

All POST requests fail when running Jenkins 2.176.2+/2.186+ with error: HTTP/1.1 403 No valid crumb was included in the request

Context

This issue only occurs when running Jenkins 2.176.2+/2.186+ and seems related to security settings changes: https://jenkins.io/security/advisory/2019-07-17/#SECURITY-626 This link provides workarounds to make the calls work but they

  • require extra Jenkins configuration
  • reduce security protection

The security advisory suggests passing the session id retrieved when getting the crumb to all authenticated requests.
I currently don’t know whether this session id is the X-Jenkins-Session header or the JSESSIONID cookie.

Steps to Reproduce (for bugs)

Base commit: master branch b3e01c05 (latest 0.0.19 release is also affected)

  • Start a Jenkins 2.176.2+/2.186+ local instance (I used a Jenkins Docker container)
  • Jenkins configuration: activate the CSRF Protection and use the Default Crumb Issuer (see https://wiki.jenkins.io/display/JENKINS/CSRF+Protection)
  • Run integration tests: ./gradlew clean build integTest
  • All HTTP POST requests to the Jenkins API receive an HTTP 403 status response

Debug HTTP traces generated by integration tests:

11:02:13.914 [Test worker] DEBUG org.jclouds.rest.internal.InvokeHttpMethod - >> invoking jobs:build
11:02:13.934 [Test worker] DEBUG org.jclouds.rest.internal.InvokeHttpMethod - >> invoking crumb-issuer:crumb
11:02:13.936 [Test worker] DEBUG org.jclouds.http.internal.JavaUrlHttpCommandExecutorService - Sending request 559347004: GET http://127.0.0.1:8080/crumbIssuer/api/xml?xpath=concat%28//crumbRequestField,%22%3A%22,//crumb%29 HTTP/1.1
11:02:13.936 [Test worker] DEBUG jclouds.headers - >> GET http://127.0.0.1:8080/crumbIssuer/api/xml?xpath=concat%28//crumbRequestField,%22%3A%22,//crumb%29 HTTP/1.1
11:02:13.937 [Test worker] DEBUG jclouds.headers - >> Accept: text/plain
11:02:13.937 [Test worker] DEBUG jclouds.headers - >> Authorization: Basic YWRtaW46YWRtaW4=
11:02:14.470 [Test worker] DEBUG org.jclouds.http.internal.JavaUrlHttpCommandExecutorService - Receiving response 559347004: HTTP/1.1 200 OK
11:02:14.471 [Test worker] DEBUG jclouds.headers - << HTTP/1.1 200 OK
11:02:14.471 [Test worker] DEBUG jclouds.headers - << X-Jenkins-Session: 0ae78274
11:02:14.471 [Test worker] DEBUG jclouds.headers - << X-Jenkins: 2.190.1
11:02:14.471 [Test worker] DEBUG jclouds.headers - << Server: Jetty(9.4.z-SNAPSHOT)
11:02:14.471 [Test worker] DEBUG jclouds.headers - << X-Content-Type-Options: nosniff
11:02:14.472 [Test worker] DEBUG jclouds.headers - << Set-Cookie: JSESSIONID.1af1c15a=node01gqw35ypjb5i9gnfzuer6qf60.node0;Path=/;HttpOnly
11:02:14.472 [Test worker] DEBUG jclouds.headers - << Date: Thu, 03 Oct 2019 09:02:14 GMT
11:02:14.472 [Test worker] DEBUG jclouds.headers - << Content-Type: text/plain;charset=utf-8
11:02:14.472 [Test worker] DEBUG jclouds.headers - << Content-Length: 78
11:02:14.475 [Test worker] DEBUG jclouds.headers - << Expires: Thu Jan 01 01:00:00 CET 1970
11:02:14.480 [Test worker] DEBUG jclouds.wire - << "Jenkins-Crumb:57de4a3074e2bee0231bdfab6bd63e33c9200501497fe83b3390c68dfe7edbb5"
11:02:14.484 [Test worker] DEBUG org.jclouds.http.internal.JavaUrlHttpCommandExecutorService - Sending request -134656407: POST http://127.0.0.1:8080/job/a0571fd6b9d8443ba593add116bae8a4/build HTTP/1.1
11:02:14.484 [Test worker] DEBUG jclouds.headers - >> POST http://127.0.0.1:8080/job/a0571fd6b9d8443ba593add116bae8a4/build HTTP/1.1
11:02:14.485 [Test worker] DEBUG jclouds.headers - >> Accept: application/unknown
11:02:14.485 [Test worker] DEBUG jclouds.headers - >> Authorization: Basic YWRtaW46YWRtaW4=
11:02:14.485 [Test worker] DEBUG jclouds.headers - >> Jenkins-Crumb: 57de4a3074e2bee0231bdfab6bd63e33c9200501497fe83b3390c68dfe7edbb5
11:02:14.502 [Test worker] DEBUG org.jclouds.http.internal.JavaUrlHttpCommandExecutorService - Receiving response -134656407: HTTP/1.1 403 No valid crumb was included in the request
11:02:14.502 [Test worker] DEBUG jclouds.headers - << HTTP/1.1 403 No valid crumb was included in the request
11:02:14.502 [Test worker] DEBUG jclouds.headers - << Server: Jetty(9.4.z-SNAPSHOT)
11:02:14.502 [Test worker] DEBUG jclouds.headers - << X-Content-Type-Options: nosniff
11:02:14.502 [Test worker] DEBUG jclouds.headers - << Set-Cookie: JSESSIONID.1af1c15a=node01ilzetxztr6rbbhspkddjs2fw1.node0;Path=/;HttpOnly
11:02:14.502 [Test worker] DEBUG jclouds.headers - << Date: Thu, 03 Oct 2019 09:02:14 GMT

Your Environment

JVM: 1.8.0_212 ( 25.212-b04) OS: Windows 10 10.0 amd64
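
A small diagnostic for traces like the one above, added here as an example and not part of the original issue or of jenkins-rest: it pairs each POST with the preceding crumb request and flags a crumb sent without the session cookie issued alongside it. It assumes the session is carried in the JSESSIONID cookie (as the cookie-jar curl workaround in the comments suggests) and the default Jenkins-Crumb header name; `parse` and `audit` are names chosen for this example.

```python
import re

# Constructed sample: jclouds.headers lines trimmed from the trace above.
P = "11:02:14.484 [Test worker] DEBUG jclouds.headers - "
TRACE = "\n".join(P + line for line in [
    ">> GET http://127.0.0.1:8080/crumbIssuer/api/xml HTTP/1.1",
    "<< HTTP/1.1 200 OK",
    "<< Set-Cookie: JSESSIONID.1af1c15a=node01gqw35ypjb5i9gnfzuer6qf60.node0;Path=/;HttpOnly",
    ">> POST http://127.0.0.1:8080/job/a0571fd6b9d8443ba593add116bae8a4/build HTTP/1.1",
    ">> Jenkins-Crumb: 57de4a3074e2bee0231bdfab6bd63e33c9200501497fe83b3390c68dfe7edbb5",
    "<< HTTP/1.1 403 No valid crumb was included in the request",
])
LINE = re.compile(r"jclouds\.headers - (>>|<<) (.*)$")
REQUEST = re.compile(r"(GET|POST|PUT|DELETE) (\S+) HTTP/")
STATUS = re.compile(r"HTTP/\S+ (\d{3})")

def parse(trace):
    """Group header lines into request/response exchanges."""
    exchanges = []
    for raw in trace.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        direction, text = m.groups()
        if direction == ">>" and (r := REQUEST.match(text)):
            exchanges.append({"method": r[1], "url": r[2], "status": None, ">>": {}, "<<": {}})
        elif direction == "<<" and (s := STATUS.match(text)) and exchanges:
            exchanges[-1]["status"] = int(s[1])
        elif exchanges and ": " in text:
            name, value = text.split(": ", 1)
            exchanges[-1][direction][name.lower()] = value
    return exchanges

def audit(trace, crumb_field="jenkins-crumb"):  # default crumb header name, lowercased
    """Return (url, status, problem) for each POST; problem is None when consistent."""
    findings, session = [], None
    for ex in parse(trace):
        if "/crumbIssuer/" in ex["url"]:
            # Session cookie handed out with the crumb, e.g. "JSESSIONID.x=value"
            cookie = ex["<<"].get("set-cookie", "").split(";", 1)[0]
            session = cookie if cookie.startswith("JSESSIONID") else None
        elif ex["method"] == "POST":
            problem = None
            if crumb_field not in ex[">>"]:
                problem = "no crumb header"
            elif session and session not in ex[">>"].get("cookie", ""):
                problem = "crumb sent without the session cookie issued with it"
            findings.append((ex["url"], ex["status"], problem))
    return findings
```

Running `audit(TRACE)` on the sample reports the build POST as carrying a crumb but no matching session cookie, which is the pattern visible in the 403 exchange above.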

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 16 (8 by maintainers)

Top GitHub Comments

thiagoalves commented, Nov 1, 2019 (33 reactions)

After a couple of hours of struggling, I was able to make it work with curl:

export JENKINS_URL=http://localhost
export JENKINS_USER=user
export JENKINS_TOKEN=mytoken
export COOKIE_JAR=/tmp/cookies

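# Fetch the crumb and save the session cookie issued with it
JENKINS_CRUMB=$(curl --silent --cookie-jar "$COOKIE_JAR" "$JENKINS_URL"'/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)' -u "$JENKINS_USER:$JENKINS_TOKEN")

echo "$JENKINS_CRUMB"

# Send the POST with the same session cookie and the crumb header
# (-i prints response headers; -I would request HEAD, which conflicts with --data-binary)
curl -i --cookie "$COOKIE_JAR" "$JENKINS_URL/createItem?name=yourJob" --data-binary @jenkins/config.xml -H "$JENKINS_CRUMB" -H "Content-Type:text/xml" -u "$JENKINS_USER:$JENKINS_TOKEN" -v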

daverod24 commented, Oct 29, 2019 (8 reactions)

Good estimates

I have this problem after activating CSRF Protection on the latest LTS version: CentOS 7.7, Jenkins version 2.190.1 (installed by yum, not in a container). I get the crumb:

crumb=$(curl -u "admin:admin" -s 'http://192.168.10.2:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)')

and then I pass it with the operation that I want to perform:

curl -u "admin:admin" -H "$crumb" -X POST 'http://192.168.10.2:8080/job/ENV/build?delay=0sec'

This is the output:

<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 403 No valid crumb was included in the request</title>
</head>
<body><h2>HTTP ERROR 403</h2>
<p>Problem accessing /job/ENV/build. Reason:
<pre>    No valid crumb was included in the request</pre>

I would like to know what state this is or what is the new way of working with the API to launch groovy scripts

Thanks in advance Regards
