Found invalid crumb and 403 with Webhook in Git

Hello Guys, it is really big problem when i try to use a webhook in Git or scripting call to jenkins [run WAR on Tomcat](i know it is unsuggested, but i dont care since i am doing a study of demo of project)

Jenkins 2.419, I tired so many way to fix it

1. Stop CSRF Protection in config.xml on .jenkins file
2. Use Jenkins-Crumb which get fromm xxxxx/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,“:”,//crumb)
3. Use API token with my jenkins user: Admin by Authorization:Basic xxxxxx in posting headers

But everything is not working, just get 403, so on and so on. then I check the security plugin by those two

1. Matrix Authorization Strategy PluginVersion3.2.2 - I stopped it
2. Script Security - for some genius sake it cannot be excluded as the button shows gray.

please help to tell me how i can turn it off just in case shut down that such Auth issue?
I dont know what eactly need to do and avoid this Auth issue. Have to say, pls leave me alone with Auth issue. really annoying right now

So please help then, thank you very much

script security is not relevant for authentication. You can keep Matrix Auth and just configure it so anonymous has access. If you don’t want to give anonymous access, you will need to grant the user the permissions in Matrix auth that are required for the api calls you want to use.
If you use a user with a token that you generated via the UI for that user it should work without a problem given the user has the correct permissions. the combination user:token doesn’t require a crumb´.