@oleg-nenashev I can. Interestingly, I have the same config and same version of Jenkins on another instance, and don't have the problem, so not sure how easy it will be to reproduce. It's just clicking to build a job from any page (whether Blue Ocean is enabled or not). It (and the other one) are both behind load balancers, however, enabling the "proxy fix" checkbox doesn't make a difference either way. But disabling CSRF definitely reproducibly I don't think it's a permissions thing, because the permissions are very flat (anyone can do anything).