Merge pull request #1438 from daniel-beck/JENKINS-15252
[FIXED JENKINS-15252] Explain problems with CSRF protection
oleg-nenashev committed Oct 27, 2014
2 parents 6ee4d4a + 16509dc commit 8e0b87c
Showing 1 changed file with 7 additions and 0 deletions.
Expand Up @@ -7,5 +7,12 @@
"crumb", on any request that may cause a change on the Jenkins server. This
includes any form submission and calls to the remote API.
<p>
Enabling this option can result in some problems, like the following:
<ul>
<li>Some Jenkins features (like the remote API) are more difficult to use when this option is enabled.</li>
<li>Some features, especially in plugins not tested with this option enabled, may not work at all.</li>
<li>If you are accessing Jenkins through a reverse proxy, it may strip the CSRF HTTP header, resulting in some protected actions failing.</li>
</ul>
<p>
More information about CSRF exploits can be found <a href="http://www.owasp.org/index.php/Cross-Site_Request_Forgery">here</a>.
</div>
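
Review bot: The reverse proxy item (third `<li>`) stops at the symptom and gives the administrator nothing to act on. It says the proxy "may strip the CSRF HTTP header" but does not name the header or say that the fix is to configure the proxy to pass it through. As written, the list as a whole reads as three reasons to leave the option off, with no remedy for any of them. Consider naming the header in that item and adding a sentence after the `</ul>` stating that these problems are addressed by sending the crumb with the request or fixing the proxy configuration, not by disabling the protection. The first two items would also be easier to act on if they said what "more difficult to use" means for remote API callers, namely that a crumb has to be sent along with the request, as the context lines above the list already describe.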
