Hi,

I've been bitten by the security fix in Jenkins LTS 2.176.3 to the CSRF 
protection, specifically the tying of a crumb to the session ID it was 
generated in.

There is a note in the upgrade guide 
<https://jenkins.io/doc/upgrade-guide/2.176/#SECURITY-626> which suggests I 
can trigger builds using an API token without requiring a crumb, which is 
pretty much what I want to be able to do.  It appears that I should be able 
to do this by sending a POST of the form:
http://<username>:<API Token>@<Jenkins job URL>/build

But I always get back a 403 "No valid crumb was included in the request", 
which, while 100% accurate, was not what I expected.

Any idea how I can do this?

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/97c3ff89-83ab-42f9-bb89-72922a940383%40googlegroups.com.
