Why do I receive lots of Found Invalid Crumb warnings in the logs?

Article ID:115001974468
1 minute readKnowledge base

Issue

You receive lots of warnings in your logs with the following pattern:

WARNING: Found invalid crumb xxxxxxxxxxxxx. Will check remaining parameters for a valid one...
hudson.security.csrf.CrumbFilter doFilter
WARNING: No valid crumb was included in request for /ajaxExecutors. Returning 403.

Environment

CloudBees Jenkins Operations Center

Resolution

The issue is related to JENKINS-40344. This bug materializes in the logs if you have CSRF protection enabled (which is a recommended practice). To learn more about CSRF Protection, you can click here.

In the meantime, and as a workaround, you can avoid flooding your logs with these messages by changing the log level to SEVERE on the following logger hudson.security.csrf.CrumbFilter.

In order to do this, please follow the procedure below:

  • Navigate to Jenkins  Manage Jenkins  System Log  Log Levels.

  • Write hudson.security.csrf.CrumbFilter in the textbox, select the SEVERE level value and then click submit.

This article is part of our Knowledge Base and is provided for guidance-based purposes only. The solutions or workarounds described here are not officially supported by CloudBees and may not be applicable in all environments. Use at your own discretion, and test changes in a safe environment before applying them to production systems.