一、问题描述(Problem Description):
在jenkins中创建新任务时候选择“拷贝已存在任务”,点击OK,跳转到下一步时候弹出如下错误信息:"No valid crumb was included in the request"
jenkins new job -> copy existing job -> click OK -> "No valid crumb was included in the request"
二、运行环境(Environment):
apache + jboss-as-7.1.1.Final,Windows XP SP3,jdk 1.6.0_33
三、错误原因(Reason):
jenkins在http请求头部中放置了一个名为.crumb的token。在使用了反向代理,并且在jenkins设置中勾选了“防止跨站点请求伪造(Prevent Cross Site Request Forgery exploits)”之后此token会被转发服务器apache/nginx认为是不合法头部而去掉。导致跳转失败。
The problem is that jenkins stores its' csrf token in a http header called '.crumb', AFAIK headers must only contain alphanumerics and dashes, and apache/nginx will remove invalid headers from the request (unless configured not to).
四、解决方案(Solution):
1.在apache/nginx中设置ignore_invalid_headers,或者:
2.在jenkins全局安全设置中取消勾选“防止跨站点请求伪造(Prevent Cross Site Request Forgery exploits)”。
1.Set ignore_invalid_headers in your apache/nginx server, or:
2.Uncheck "Prevent Cross Site Request Forgery exploits" in jenkins global security settings.
【参考资料(References)】
https://issues.jenkins-ci.org/browse/JENKINS-12875
http://en.wikipedia.org/wiki/Cross-site_request_forgery
http://www.cnblogs.com/hyddd/archive/2009/04/09/1432744.html