Jenkins2 errors: "No valid crumb was included in request "

After installing my Jenkins2 on Ubuntu 14.04, I got everything up and running, only to find jenkins.log filling up with error messages, to the tune of 60 per minute, 70,000 messages per day: 

Sep 21, 2017 9:27:21 AM hudson.security.csrf.CrumbFilter doFilter
WARNING: Found invalid crumb ad97b73a2a6de7a04b11f45e3fe9bf8f. Will check remaining parameters for a valid one...
Sep 21, 2017 9:27:21 AM hudson.security.csrf.CrumbFilter doFilter
WARNING: No valid crumb was included in request for /ajaxExecutors. Returning 403.


After a bit of Googling, the consensus was that this was connected to the Build Monitor Plugin, which I promptly uninstalled, but to no avail.

Digging a bit more, it looks like this is connected to the CSRF protection implemented in Jenkins2, but not found in Jenkins1. Once I disabled this, the logging stopped.

I'm not saying that this is the solution to the problem. I'm just saying that if you have this issue, can't fix it, then disabling CSRF protection will work.

To disable:

  1. Log in to Jenkins as an Administrator
  2. GOTO: Jenkins > Manage Jenkins > Configure Global Security and enable Prevent Cross Site Request Forgery exploits
  3. Uncheck this option

This is NOT a long term solution. This just stops the logging, until you can dig deeper and find the real source of the problem.

No comments:

Post a Comment