Getting 404 when accessing Jenkins v2.73.1 crumbIssuer REST API

Question

I try to call Jenkins crumIssuer API but got below error. working with Jenkins version 2.19.1 and not working with version 2.73.1

<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 404 Not Found</title>
</head>
<body><h2>HTTP ERROR 404</h2>
<p>Problem accessing /crumbIssuer/api/json. Reason:
<pre>    Not Found</pre></p><hr><a href="http://eclipse.org/jetty">Powered by Jetty:// 9.4.z-SNAPSHOT</a><hr/>

</body>
</html>

score 11 · Accepted Answer · answered Oct 10 '17 at 06:01

11

You have to have the Prevent Cross Site Request Forgery exploits option turned on under Manage Jenkins -> Configure Global Security.

answered Oct 10 '17 at 06:01

Rob Hales

5,123
1
21
33

it has been enabled – ERK Oct 10 '17 at 06:17
Manage Jenkins -> Configure Global Security. Checked "Prevent Cross Site Request Forgery exploits " and checked "Default Crumb Issuer" – Oscar Apr 25 '22 at 09:48

score 1 · Answer 2 · answered Feb 10 '18 at 19:47

Rob Hales' answer is correct.

I had the same issue when trying to run the following Ansible code against a jenkins (ver. 2.89.3) instance.

- name: "Get csrf token"
  uri:
    url: 'http://127.0.0.1:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)'
    user: "{{ jenkins_admin_user }}"
    password: "{{ jenkins_admin_pass }}"
    force_basic_auth: yes
    return_content: yes

For me, the issue is resolved after creating the file /var/jenkins_home/init.groovy.d/csrf.groovy with the following content and restarting jenkins:

import hudson.security.csrf.DefaultCrumbIssuer
import jenkins.model.Jenkins

def instance = Jenkins.instance
instance.setCrumbIssuer(new DefaultCrumbIssuer(true))
instance.save()

See https://wiki.jenkins.io/display/JENKINS/CSRF+Protection for more info.

Getting 404 when accessing Jenkins v2.73.1 crumbIssuer REST API

2 Answers2