Build Monitor supports Jenkins CSRF protection

Closes #46
jenkinsci · Mar 1, 2014 · e716968 · e716968
1 parent f75a2fe
commit e716968
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/src/main/webapp/scripts/jenkins.js b/src/main/webapp/scripts/jenkins.js
@@ -49,7 +49,8 @@ angular.module('jenkins', []).
                         data:    stringified(parameters),
                         headers: {
                             'Content-Type': STAPLER_CONTENT_TYPE,
-                            'Crumb': binding.crumb
+                            'Crumb':  binding.crumb,  // Crumb header is needed to get past Stapler
+                            '.crumb': binding.crumb   // .crumb header is needed to support CSRF protection (#46)
                         }
                     });
                 }

diff --git a/src/test/javascript/unit/jenkins/proxyFromSpec.js b/src/test/javascript/unit/jenkins/proxyFromSpec.js
@@ -90,7 +90,8 @@ describe('buildMonitor', function () {
                     headers: {
                         'Accept':       'application/json, text/plain, */*',
                         'Content-Type': 'application/x-stapler-method-invocation;charset=UTF-8',
-                        'Crumb':        crumb
+                        'Crumb':        crumb,
+                        '.crumb':       crumb
                     }
                 };