Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSRF Protection support #30

Open
Nachtfeuer opened this issue Jun 8, 2016 · 1 comment
Open

CSRF Protection support #30

Nachtfeuer opened this issue Jun 8, 2016 · 1 comment

Comments

@Nachtfeuer
Copy link

When you read here:
https://wiki.jenkins-ci.org/display/JENKINS/Remote+access+API

The problem is when the "Prevent Cross Site Request Forgery exploits" is enabled with a default user
then you need to fetch the token (see link) and passing it to the POST request. For the moment I disabled that on my local Jenkins to try out this library but finally that "feature" would be required.
@Nachtfeuer
Copy link
Author

Providing you some help on it:
You can specify another constant along with the ones you already have:
CRUMB='{0}/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)'

    def get_crumb(self):
        """
        Get crumb token required when the option
        'Prevent Cross Site Request Forgery exploits' is enable
        in the global security section of Jenkins.
        """
        response = self._build_get(CRUMB)
        return response.text

For each command (create, build, ...) you require handling by splitting the return of that functions which is "key:value" adding this to the request header.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Nachtfeuer