CSRF protection helps Jenkins prevent a specific type of attack. What does it protect against?
Think about attacks that use a logged-in user's browser without their knowledge.
CSRF protection stops attackers from making a logged-in user unknowingly perform actions in Jenkins by using forged requests.
Which Jenkins configuration step correctly enables CSRF protection?
Look for a checkbox in the security settings related to CSRF.
CSRF protection is enabled by checking the 'Prevent Cross Site Request Forgery exploits' option in the global security configuration.
When Jenkins blocks a request due to CSRF protection, what HTTP status code does it return?
It is a status code that means access is denied.
Jenkins returns HTTP 403 Forbidden when a request is blocked by CSRF protection.
You send a POST request to the Jenkins API but it fails with a 403 error after enabling CSRF protection. What is the most likely cause?
CSRF protection requires a special token in requests.
When CSRF protection is enabled, POST requests must include a Jenkins-Crumb header with a valid token or they will be blocked.
In Jenkins scripted pipelines, what is the best way to handle CSRF protection tokens when making HTTP POST requests to Jenkins itself?
Think about securely handling secrets and tokens in Jenkins pipelines.
Best practice is to securely retrieve and include the Jenkins-Crumb token using 'withCredentials' to avoid exposing tokens or disabling security.