Jenkins API - 403 请求中未包含有效的碎屑
Jenkins API - 403 No valid crumb was included in the request
我正在尝试使用 postman 通过 Rest API 创建凭据。
我向这个域发送 post 请求:
http://localhost:8080/credentials/store/system/domain/_/createCredentials
我添加了一个 API-Key 作为身份验证,通过 API 创建了一个面包屑(请求见下文)并添加了它。
r = requests.get(f'http://localhost:8080/crumbIssuer/api/json', auth=('admin', 'admin'))
crumb = r.json().get('crumb')
尽管如此,它不起作用,我收到此错误页面:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<title>Error 403 No valid crumb was included in the request</title>
</head>
<body>
<h2>HTTP ERROR 403 No valid crumb was included in the request</h2>
<table>
<tr>
<th>URI:</th>
<td>/credentials/store/system/domain/_/createCredentials</td>
</tr>
<tr>
<th>STATUS:</th>
<td>403</td>
</tr>
<tr>
<th>MESSAGE:</th>
<td>No valid crumb was included in the request</td>
</tr>
<tr>
<th>SERVLET:</th>
<td>Stapler</td>
</tr>
</table>
<hr><a href="https://eclipse.org/jetty">Powered by Jetty:// 9.4.43.v20210629</a>
<hr />
</body>
</html>
我找到问题了。在 jenkins website about CSRF Protection 上面写着:
The Default Crumb Issuer encodes the following information in the
hash used as crumb:
- The user name that the crumb was generated for
- The web session ID that the crumb was generated in
- The IP address of the user that the crumb was generated for
- A salt unique to this Jenkins instance
我在 jupyter notebook 中通过 python 创建了面包屑。另一方面,post 请求是使用 postman 发出的。所以在面包屑中散列的数据不匹配。
我正在尝试使用 postman 通过 Rest API 创建凭据。
我向这个域发送 post 请求:
http://localhost:8080/credentials/store/system/domain/_/createCredentials
我添加了一个 API-Key 作为身份验证,通过 API 创建了一个面包屑(请求见下文)并添加了它。
r = requests.get(f'http://localhost:8080/crumbIssuer/api/json', auth=('admin', 'admin'))
crumb = r.json().get('crumb')
尽管如此,它不起作用,我收到此错误页面:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<title>Error 403 No valid crumb was included in the request</title>
</head>
<body>
<h2>HTTP ERROR 403 No valid crumb was included in the request</h2>
<table>
<tr>
<th>URI:</th>
<td>/credentials/store/system/domain/_/createCredentials</td>
</tr>
<tr>
<th>STATUS:</th>
<td>403</td>
</tr>
<tr>
<th>MESSAGE:</th>
<td>No valid crumb was included in the request</td>
</tr>
<tr>
<th>SERVLET:</th>
<td>Stapler</td>
</tr>
</table>
<hr><a href="https://eclipse.org/jetty">Powered by Jetty:// 9.4.43.v20210629</a>
<hr />
</body>
</html>
我找到问题了。在 jenkins website about CSRF Protection 上面写着:
The Default Crumb Issuer encodes the following information in the hash used as crumb:
- The user name that the crumb was generated for
- The web session ID that the crumb was generated in
- The IP address of the user that the crumb was generated for
- A salt unique to this Jenkins instance
我在 jupyter notebook 中通过 python 创建了面包屑。另一方面,post 请求是使用 postman 发出的。所以在面包屑中散列的数据不匹配。