0
votes

We are using a TFS agent to trigger a build job in Jenkins, so that from a pull request it is possible to start a build directly in Jenkins.

Everything was working fine until we upgraded Jenkins to version 2.236. In earlier Jenkins versions there was an option to disable the cross-site request forgery protection under the CSRF plugin, but in version 2.236 there's no such option anymore.

An issue on the Jenkins tracker (https://issues.jenkins-ci.org/browse/JENKINS-61375) says it is better to configure the client to use an API token for HTTP authentication. Another option is to use the crumb session key with the HTTP request. Something like:

{"_class":"hudson.security.csrf.DefaultCrumbIssuer",
"crumb":"8f1aa10c71ee8ac841fbda43196374e6f91bd7221298a258acb7c05e1aeb0968",
"crumbRequestField":"Jenkins-Crumb"}

But, while configuring the TFS agent, I don't see any field to use the API key or session key.

What are the choices here? How to solve this problem?

1 Answer

0
votes

This error appears because older Jenkins versions (probably < 2.176) have the option to uncheck "Prevent Cross Site Request Forgery exploits". Newer Jenkins versions don't have such an option, but in the situation described above (TFS agent triggering a build job in Jenkins) there are no settings in the TFS agent to perform the GET/REQUEST for the crumb session-id.

Setting the respective environment variable to false is also not an acceptable solution.

The Strict Crumb Issuer plugin would be the solution here.

Install it, and in the CSRF protection settings uncheck "Check the session ID".

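For a client that can set its own headers, the two options named in the question look like this. It is an added example, not code from the original post or from Jenkins or TFS: a request authenticated with an API token carries no crumb, while a password-authenticated request sends the crumb under the header name the server announced, in the same session that fetched it. The paths /crumbIssuer/api/json and /job/<name>/build are standard Jenkins endpoints not shown on the page; the base URL, job name and credentials are placeholders supplied by the caller.

```python
import base64
import http.cookiejar
import json
import urllib.request

# Constructed sample: the crumb issuer response quoted in the question.
SAMPLE_CRUMB = json.loads(
    '{"_class":"hudson.security.csrf.DefaultCrumbIssuer",'
    '"crumb":"8f1aa10c71ee8ac841fbda43196374e6f91bd7221298a258acb7c05e1aeb0968",'
    '"crumbRequestField":"Jenkins-Crumb"}'
)


def basic_auth(user, secret):
    """HTTP Basic value; `secret` is an API token or a password."""
    return "Basic " + base64.b64encode(f"{user}:{secret}".encode()).decode()


def crumb_request(base_url, user, secret):
    """GET that asks the crumb issuer for a crumb."""
    req = urllib.request.Request(f"{base_url}/crumbIssuer/api/json")
    req.add_header("Authorization", basic_auth(user, secret))
    return req


def build_request(base_url, job, user, secret, crumb_doc=None):
    """POST that queues a build. With an API token as `secret`, pass no crumb.
    With a password, pass the crumb document fetched in the same session."""
    req = urllib.request.Request(f"{base_url}/job/{job}/build", data=b"", method="POST")
    req.add_header("Authorization", basic_auth(user, secret))
    if crumb_doc is not None:
        # The header name is taken from the response, not hard-coded.
        req.add_header(crumb_doc["crumbRequestField"], crumb_doc["crumb"])
    return req


def trigger_with_crumb(base_url, job, user, password):
    """Fetch a crumb and queue a build through one cookie-keeping opener, so the
    session cookie issued with the crumb is sent back on the POST."""
    jar = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))
    with opener.open(crumb_request(base_url, user, password)) as resp:
        crumb_doc = json.load(resp)
    with opener.open(build_request(base_url, job, user, password, crumb_doc)) as resp:
        return resp.status  # Jenkins answers 201 when the build is queued
```

Only trigger_with_crumb touches the network; the two request builders can be inspected offline to confirm which headers a client would send.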