[Ci-users] Jenkins SafeRestart to add extra CSRF Protection 19-Apr-2016 14h30 UTC (09h30 EDT)

Sat May 21 13:31:48 UTC 2016
Colin Walters <walters at verbum.org>

On Tue, Apr 19, 2016, at 09:54 AM, Brian Stinson wrote:
> Hi Folks,
> In response to news of directed attacks against public Jenkins
> instances[0], we are enabling some of the CSRF protections in ci.centos.org

It looks like this also caused:


However I'm a bit confused - it seems like a lot more
people should be hitting this.  Perhaps people just aren't
turning on CSRF?

Then I also found
$ git describe --contains cb8447f991aebe3de688d3548c451dd128e16900

So it *should* be in the 1.30.4 we're running according to

Did anyone else manage to get the ghprb hooks working?

(Aside, I was trying to work around this by using the raw `github` plugin's webhook
 which does work, but I couldn't quite figure out how to make a single job that builds
 multiple PRs be "stable", i.e. avoid retriggering for previously built PRs, plus in the
 end we do need a way to retrigger as ghprb handles)