Jenkins: 403 No valid crumb was included in the request

Finally, this post helped me do away with the crumb problem while still securing Jenkins from CSRF attacks.

Solution for no-valid crumb included in the request issue

Basically, we need to first request a crumb with authentication and then issue POST API calls with the crumb as a header, along with authentication again.

This is how I did it:

curl -v -X GET http://jenkins-url:8080/crumbIssuer/api/json --user <username>:<password>

The response was:

{
"_class":"hudson.security.csrf.DefaultCrumbIssuer",
"crumb":"0db38413bd7ec9e98974f5213f7ead8b",
"crumbRequestField":"Jenkins-Crumb"
}

Then the POST API call with the above crumb information in it:

curl -X POST http://jenkins-url:8080/job/<job-name>/build --user <username>:<password> -H 'Jenkins-Crumb: 0db38413bd7ec9e98974f5213f7ead8b'
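The two-step flow above as a script, added here as an example and not part of the original answer. It reads the header name from crumbRequestField rather than hard-coding it, rejects crumb values that are not plain tokens, and replays the session cookie from the crumb request, because newer Jenkins versions bind the crumb to the web session. JENKINS_URL, JENKINS_USER, JENKINS_TOKEN and JOB are assumed environment variables.

```shell
#!/bin/sh
# Added example: fetch a Jenkins crumb, then POST with it in the same session.
# JENKINS_URL, JENKINS_USER, JENKINS_TOKEN and JOB are assumed to be set by the caller.

# Turn the crumbIssuer JSON into a "Field: value" header line.
crumb_header() {
  json=$1
  field=$(printf '%s' "$json" |
    sed -n 's/.*"crumbRequestField"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
  crumb=$(printf '%s' "$json" |
    sed -n 's/.*"crumb"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
  # Accept plain tokens only, so a tampered response cannot smuggle
  # CR/LF or extra headers into the request we are about to send.
  case "$field$crumb" in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
  [ -n "$field" ] && [ -n "$crumb" ] || return 1
  printf '%s: %s' "$field" "$crumb"
}

# Request a crumb, then trigger the build with the crumb and the same cookies.
trigger_build() {
  jar=$(mktemp) || return 1
  json=$(curl -sS --fail -c "$jar" -u "$JENKINS_USER:$JENKINS_TOKEN" \
    "$JENKINS_URL/crumbIssuer/api/json") || { rm -f "$jar"; return 1; }
  header=$(crumb_header "$json") || { rm -f "$jar"; return 1; }
  curl -sS --fail -b "$jar" -u "$JENKINS_USER:$JENKINS_TOKEN" \
    -H "$header" -X POST "$JENKINS_URL/job/$JOB/build"
  rc=$?
  rm -f "$jar"   # the jar holds a live session cookie; do not leave it behind
  return $rc
}

# Constructed sample response (same shape as the one shown above), used offline.
SAMPLE='{"_class":"hudson.security.csrf.DefaultCrumbIssuer","crumb":"0db38413bd7ec9e98974f5213f7ead8b","crumbRequestField":"Jenkins-Crumb"}'

if [ -n "${JENKINS_URL:-}" ]; then
  trigger_build
else
  crumb_header "$SAMPLE" && echo
fi
```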

To resolve this issue, I unchecked "Prevent Cross Site Request Forgery exploits" in the jenkins.com/configureSecurity section and it started working.



This solution is SAFE to use

I came across this issue when we changed Jenkins to be accessible via a reverse proxy.

There is an option in "Configure Global Security" called "Enable proxy compatibility". This helped with my issue.


Other Solution

In the GitHub payload URL, make your URL look like this:
https://jenkins:8080/github-webhook/
Don't forget to include the / at the end.