It's all about the answers!

Ask a question

Jenkins build : Expected code 200 OK but received code 403 with message: Forbidden

Rakesh A (33431) | asked Jul 08 '20, 6:41 a.m.
  I am using Jenkins 2.235.1 & RTC server is IFIX 010. I am triggering a build in build definition from Client. I am getting below error. But works fine If build is triggered from Jenkins directly. What could be the problem ? Error submitting build to Hudson/Jenkins. Expected code 200 OK but received code 403 with message: Forbidden

Accepted answer

permanent link
Dinesh Kumar B (4.1k413) | answered Jul 09 '20, 8:35 a.m.
Hi Rakesh,

With more recent versions of Jenkins, additional security is enforced by default to prevent Cross Site Request Forgery.  Since you are on 2.235, I believe that restrictions is what preventing the request form RTC to Jenkins.

Check if "Prevent Cross Site Request Forgery exploits" is enabled on your Jenkins Server.  To reach this option on Jenkins, you can follow : Jenkins Home Page >> Manage Jenkins >> Configure Global Security >> Look under the section named "CSRF Protection".

If you find "Prevent Cross Site Request Forgery exploits" is enabled, disable it and try the build request.

Also, I have noticed that sometimes, removing the checkbox does not always remove the enforced security., and you may have to do it using the Script Console., if you do see that the unchecking "Prevent Cross Site Request Forgery exploits" did not help, you may want to try the script console...

Open “Manage Jenkins”/“Script Console” and enter the following script there
import jenkins.model.Jenkins
def instance = Jenkins.instance
under results you should see the text “done”, now retry the failing operation again….

hope you build succeeds now...
Rakesh A selected this answer as the correct answer

Ralph Schoon commented Dec 08 '20, 4:34 a.m.

2 other answers

permanent link
Ralph Schoon (63.1k33646) | answered Jul 08 '20, 7:08 a.m.
When RTC requests a build, it has to communicate to the Jenkins Server. The configuration for that is likely incorrect. It was correct, but no more. E.g. the user used to talk to Jenkins or the password is changed.

The Jenkins integration needs to be configured in a special build engine definition. And in the Build definition there is additional configuration. Check that configurations and test that RTC can talk to Jenkins.

permanent link
Karthikeyan P (215) | answered Sep 18 '20, 10:46 a.m.

 Hi Dinesh,

Disabling CSRF check is not a recommended practice right? We did try that and it worked. We reversed it back. Is there any other way we can avoid this CSRF issue between Jenkins and RTC? 
We are able to successfully trigger build from Jenkins. But when we try the other way i.e from RTC, it is throwing 403 forbidden error "Caused by: Error posting XML document to Hudson/Jenkins site. Received code 403 with message: Forbidden". 

Thanks and Regards,
Karthikeyan P

Your answer

Register or to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.