Copy link to issue

summary

Fix CSRF bug in Jenkins form posts

Description

Since we enabled CSRF protection for build Jenkins, we've been unable to successfully submit changes to many of the forms in the admin interface. For example, trying to suppress an irrelevant security warning via https://build.testeng.edx.org/configureSecurity/ results in the following error message:

The user is also logged out after attempting the form submission.

While we strive to make all changes to Jenkins configuration via code, it can be useful to make temporary changes via the admin interface. Diagnose why this isn't working and fix it.

Steps to Reproduce

None

Current Behavior

None

Expected Behavior

None

Reason for Variance

None

Release Notes

None

User Impact Summary

None

Assignee

Unassigned

Reporter

Jeremy Bowman

Labels

None

Reach

None

Impact

None

Platform Area

None

Customer

None

Partner Manager

None

URL

None

Contributor Name

None

Groups with Read-Only Access

None

Actual Points

None

Category of Work

None

Platform Map Area (Levels 1 & 2)

None

Platform Map Area (Levels 3 & 4)

None

Priority

Unset

Configure

Fix CSRF bug in Jenkins form posts

Description

Steps to Reproduce

Current Behavior

Expected Behavior

Reason for Variance

Release Notes

User Impact Summary

Assignee

Reporter

Labels

Reach

Impact

Platform Area

Customer

Partner Manager

URL

Contributor Name

Groups with Read-Only Access

Actual Points

Category of Work

Platform Map Area (Levels 1 &amp; 2)

Platform Map Area (Levels 3 &amp; 4)

Priority

Platform Map Area (Levels 1 & 2)

Platform Map Area (Levels 3 & 4)