Bitbucket cannot trigger a Jenkins job when I use the Bitbucket Push and Pull Request plugin

Tingting_Zhou May 6, 2023

I have a cloud Bitbucket, and I configured the webhook as shown below:

bitbucket-webhook.png

Then I installed the "Bitbucket Push and Pull Request" plugin on my Jenkins and configured it as below:

The plugin URL: https://plugins.jenkins.io/bitbucket-push-and-pull-request

The global configuration in Jenkins (path: Manage Jenkins --> Configure System):

jenkins-configure-system.png

The configuration in the Jenkins job (the credentials use a username and app password with Bitbucket):

jenkins-build-trigger-config.png

When I created a pull request on bitbucket, I saw the error in the webhook log:

<!doctype html><html lang="en"><head><title>HTTP Status 403 – Forbidden</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 403 – Forbidden</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> No valid crumb was included in the request</p><p><b>Description</b> The server understood the request but refuses to authorize it.</p><hr class="line" /><h3>Apache Tomcat/9.0.74</h3></body></html>

Who can tell me which configuration error caused this error?

1 answer

0 votes
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 9, 2023

Hi @Tingting_Zhou and welcome to the community!

Based on the error "No valid crumb was included in the request", it sounds like you most likely have enabled the option Prevent Cross Site Request Forgery exploits in Jenkins.

What is expected then is for Atlassian to include a header with the API upload "Jenkins-Crumb: 0db38413bd7ec9e98974f5213f7ead8b", but we cannot include that with the webhook payload, so the request fails.

What you could do is use a proxy that will receive the traffic from Bitbucket and forward it to Jenkins, so that it includes the crumb in a custom header. You would need to enable the option Enable proxy compatibility in the CSRF Protection settings in Jenkins. You can check this StackOverflow post: https://stackoverflow.com/a/56167349

Another option would be to disable Prevent Cross Site Request Forgery exploits in Jenkins, but that would make you vulnerable to CSRF attacks.

Kind regards,
Theodora

Pratima Maiti June 21, 2023

I have enabled Enable proxy compatibility as mentioned in that StackOverflow post, along with the same configuration mentioned by @Tingting_Zhou. But it's still giving the same issue.

Could you tell me what's wrong?

Theodora Boudale
Atlassian Team
June 21, 2023

Hi Pratima,

You will also need to configure your proxy to include the crumb in a custom header in traffic it receives from Bitbucket Cloud before it forwards it to Jenkins. What the error means is that Jenkins does not receive this crumb.

Kind regards,
Theodora
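
The proxy step described in the replies above, sketched as an added example that is not part of the original thread and not the plugin's or Atlassian's code: the proxy asks Jenkins' crumb issuer (`/crumbIssuer/api/json`) for a crumb, then forwards the Bitbucket payload with that crumb in the header Jenkins names. Assumptions: the hook path passed by the caller, the forwarded header list, and the `auth_header` parameter (for setups where the crumb issuer is not readable anonymously) are illustrative.

```python
import json
import urllib.request
from http.cookiejar import CookieJar

# Constructed crumb issuer response, using the crumb value quoted in the thread.
SAMPLE_ISSUER_JSON = b'{"crumbRequestField": "Jenkins-Crumb", "crumb": "0db38413bd7ec9e98974f5213f7ead8b"}'
# Assumption: inbound webhook headers worth forwarding; everything else is dropped.
FORWARDED = ("Content-Type", "User-Agent", "X-Event-Key", "X-Request-UUID")

def parse_crumb(issuer_json: bytes) -> tuple[str, str]:
    """Return (header name, crumb value) from a /crumbIssuer/api/json response."""
    doc = json.loads(issuer_json)
    field, crumb = doc.get("crumbRequestField"), doc.get("crumb")
    if not (isinstance(field, str) and isinstance(crumb, str) and field and crumb):
        raise ValueError("crumb issuer response lacks crumbRequestField/crumb")
    if any(c in field + crumb for c in "\r\n"):
        raise ValueError("refusing crumb containing CR/LF")  # no header injection
    return field, crumb

def build_forward(jenkins_url, hook_path, body, inbound, crumb):
    """Build the POST the proxy sends to Jenkins, with the crumb header added."""
    req = urllib.request.Request(jenkins_url.rstrip("/") + hook_path, data=body, method="POST")
    lowered = {k.lower(): v for k, v in inbound.items()}
    for name in FORWARDED:
        if name.lower() in lowered:
            req.add_header(name, lowered[name.lower()])
    req.add_header(*crumb)
    return req

def forward_webhook(jenkins_url, hook_path, body, inbound, auth_header):
    """Fetch a fresh crumb and forward one webhook over the same HTTP session."""
    # One opener with a cookie jar: recent Jenkins versions bind a crumb to the
    # web session that requested it, so both requests must share the cookie.
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(CookieJar()))
    opener.addheaders = [("Authorization", auth_header)]
    with opener.open(jenkins_url.rstrip("/") + "/crumbIssuer/api/json", timeout=10) as r:
        crumb = parse_crumb(r.read())
    with opener.open(build_forward(jenkins_url, hook_path, body, inbound, crumb), timeout=10) as r:
        return r.status
```

Only `forward_webhook` touches the network; a 403 with "No valid crumb" from it usually means the crumb request and the forwarded POST did not share a session or identity.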
