Gitlab-plugin: Hook doesn't work when CSRF is enabled

Created on 27 Jul 2016  路  3Comments  路  Source: jenkinsci/gitlab-plugin

Before submitting an issue to I have first:

  • [x] read the documentation on the homepage
  • [x] searched for similar already existing issue

_(if you have performed all the above, remove the paragraph and continue describing the issue with template below)_

Issue

Context

  • Gitlab plugin version: 1.3.0
  • Gitlab version: 8.9
  • Jenkins version: 2.1.4

    Logs & Traces

Hook executed successfully but returned HTTP 403 Error 403 No valid crumb was included in the request

HTTP ERROR 403

Problem accessing /job/TestCiWorkflowProduction/build. Reason:

 No valid crumb was included in the request


Powered by Jetty://

Problem description

When CSRF protection is enabled in Jenkins, the Web Hook from GitLab fails with the above message. I see some code in this plugin that suggests it should be excluding it's endpoints from CSRF protection but I'm not 100% sure. Is this supposed to work or is it something that needs to be added?

Most helpful comment

You are using the wrong URL. /project/TestCiWorkflowProduction would be the correct one for your case. The URL mentioned by you is an internal URL of the Jenkins and has nothing to do with this plugin.

All 3 comments

You are using the wrong URL. /project/TestCiWorkflowProduction would be the correct one for your case. The URL mentioned by you is an internal URL of the Jenkins and has nothing to do with this plugin.

@coder-hugo 馃槥 Derp. Thanks for pointing that out.

Thanks @coder-hugo

Was this page helpful?
0 / 5 - 0 ratings

Related issues

ffrddrll picture ffrddrll  路  6Comments

dcuenot picture dcuenot  路  5Comments

samsieber picture samsieber  路  5Comments

robphoenix picture robphoenix  路  3Comments

sfransen picture sfransen  路  3Comments