Crumb with Golang's net/http header
I was adding crumb CSRF protection support as part of the Golang code I wrote for interacting with Jenkins RESTful API (https://wiki.jenkins-ci.org/display/JENKINS/Remote+access+API)
struct:
type Crumb struct {
Crumb string `json:"crumb"`
CrumbRequestField string `json:"crumbRequestField"`
}
code
...
crb := Crumb{}
// did some work to jsonify the crumb to Golang struct
// https://jenkins.mydomain.com/crumbIssuer/api/json
...
if (crb.Crumb != "" && crb.CrumbRequestField != "" ) {
req.Header.Set(crb.CrumbRequestField, crb.Crumb)
}
req.SetBasicAuth(jenkins.auth.Username, jenkins.auth.ApiToken)
// i think the issue is related to DefaultClient, but not sure
return http.DefaultClient.Do(req)
But with Golang implementation above keep getting 403, but the same thing works fine with cURL call.
&{403 No valid crumb was included in the request 403 HTTP/1.1 1 1 map[Server:[nginx] Date:[Thu, 31 Jul 2014 05:58:52 GMT] Content-Type:[text/html;charset=ISO-8859-1] Connection:[keep-alive] Cache-Control:[must-revalidate,no-cache,no-store]] 0xc20800ff80 -1 [chunked] false map[] 0xc2082ba270 0xc208005da0}
cURL log:
> POST /computer/node1/toggleOffline HTTP/1.1
> Authorization: Basic <key>
> User-Agent: curl/7.30.0
> Host: jenkins.mydomain.com
> Accept: */*
> .crumb: 0d6401898751f250ff1f95b5bf9589db
I'm answering my own question here. I found my issue and it has nothing related to Golang's net/http lib. The Jenkins crumb GET request required that you need to provide basic auth to obtain properly crumb.
链接地址: http://www.djcxy.com/p/45436.html上一篇: Bitbucket插件为詹金斯不工作。 响应正文返回HTTP状态:302
下一篇: 用Golang的网络/ http标头碎片