Package hudson.security.csrf

Class CrumbExclusion

java.lang.Object
hudson.security.csrf.CrumbExclusion
All Implemented Interfaces:
ExtensionPoint
Direct Known Subclasses:
ApiCrumbExclusion, CliCrumbExclusion
public abstract class CrumbExclusion extends Object implements ExtensionPoint
Allows plugins to define exceptions to the CSRF protection filter. Please note that Jenkins 2.96 and newer accepts HTTP POST requests without CSRF crumb, if HTTP Basic authentication uses an API token instead of a password, so many use cases (simple API clients that support authentication but not obtaining a crumb) should be obsolete.
Since:
1.446
Author:
Kohsuke Kawaguchi

  • Constructor Details

    • CrumbExclusion

      public CrumbExclusion()

  • Method Details

    • process

      public boolean process(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException
      This method is called for every incoming POST request.
      Returns:
      true to indicate that the callee had processed this request (for example by reporting an error, or by executing the rest of the chain.)
      Throws:
      IOException
      jakarta.servlet.ServletException

    • process

      @Deprecated public boolean process(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
      Deprecated.
      use process(HttpServletRequest, HttpServletResponse, FilterChain)
      Throws:
      IOException
      javax.servlet.ServletException

    • all

      public static ExtensionList<CrumbExclusion> all()