I have been using Herald rules to automatically trigger Jenkins builds on commits to git repo branches for quite some time. Access to Jenkins and my git repos requires authentication, so I am using an HTTP POST request with a specific set of credentials. For the above to work I had to disable CSRF protection in Jenkins, which was not optimal, but until now it was a trade I was willing to make.
With the latest version of Jenkins (235.2), disabling CSRF is more difficult, and I can see how it would not be allowed in future releases, which means I would like to find a solution that does not require disabling CSRF.
Jenkins documentation talks about 2 methods:
- Using a crumb to validate your HTTP POST request or
- Using an API token with the HTTP POST request
To use a crumb I need to make 2 HTTP requests: the first HTTP request would get the crumb from Jenkins and the second request would use the crumb to authenticate. I was not able to find any documentation on how to connect 2 separate HTTP requests in Herald. Is that even possible?
The second method does not work either because, as far as I can tell, Herald only supports username/password type credentials.
Is there any documentation or any other information available to help solve this problem?
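
Added example, not part of the original post and not Herald or Jenkins project code: the two options the post lists, written as a standalone Python script against the Jenkins HTTP API with CSRF protection left enabled. The base URL, job name, user name and secret are placeholders; it assumes the default crumb issuer at `/crumbIssuer/api/json` and a job that accepts `POST /job/<name>/build`.

```python
import base64
import json
import urllib.request
from http.cookiejar import CookieJar


def basic_auth(user, secret):
    # HTTP Basic header value; `secret` is a password or a Jenkins API token.
    return "Basic " + base64.b64encode(f"{user}:{secret}".encode()).decode()


def trigger_build(base_url, job, user, secret, use_crumb=True):
    """POST <base_url>/job/<job>/build and return the HTTP status code.

    use_crumb=True:  `secret` is a password, so a crumb is fetched first.
    use_crumb=False: `secret` is an API token; Jenkins does not ask for a
                     crumb on token-authenticated requests.
    """
    # Both requests share one cookie jar: current Jenkins releases tie the
    # crumb to the web session, so the POST must send the same session cookie.
    opener = urllib.request.build_opener(
        urllib.request.HTTPCookieProcessor(CookieJar()))
    headers = {"Authorization": basic_auth(user, secret)}

    if use_crumb:
        # Request 1: ask the crumb issuer for a crumb and its header name.
        req = urllib.request.Request(
            f"{base_url}/crumbIssuer/api/json", headers=headers)
        with opener.open(req, timeout=10) as resp:
            issued = json.load(resp)
        headers[issued["crumbRequestField"]] = issued["crumb"]

    # Request 2 (or the only request with a token): trigger the build.
    req = urllib.request.Request(
        f"{base_url}/job/{job}/build", data=b"", headers=headers,
        method="POST")
    with opener.open(req, timeout=10) as resp:
        return resp.status  # Jenkins answers 201 when the build is queued


if __name__ == "__main__":
    # Placeholder URL, job name and credentials (assumptions for this example).
    print(trigger_build("https://jenkins.example.com", "my-job",
                        "build-bot", "API_TOKEN_HERE", use_crumb=False))
```

Because an API token is sent in the same Basic `Authorization` header as a password (`user:token`), a client that only offers a username/password credential can carry it in the password field.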