crumbIssuer
temporary settings in Script:
change in Configure Global Security

Upgrading to Jenkins 2.176.2
/
tokens (crumbs) are now only valid for the web session they were created in to limit the impact of attackers obtaining them. Scripts that obtain a crumb using the `/crumbIssuer/api` URL will now fail to perform actions protected from CSRF unless the scripts retain the web session ID in subsequent requests. - [CSRF Protection Explained](https://support.cloudbees.com/hc/en-us/articles/219257077-CSRF-Protection-Explained)
working with session after 2.176.2
since SECURITY-626
2.176.2
since SECURITY-626references:
via curl
[!TIP] check cookie
via wget
example
with crumb only
will get issue
403: No valid crumb was included in the request
with crumb and cookie
To disable this improvement you can set the system property
via plugin Strict Crumb Issuer
get crumberIssuer with script
Last updated
Was this helpful?