JENKINS-15437

ERR_CONTENT_DECODING_FAILED on Custom Views with Project-based Matrix Authorization


Details

    Description

      I have Jenkins set up with Project-based Matrix Authorization Strategy and have several custom build views.

      If a user attempts to switch to a view that has 1 or more projects that they do not have access to, Chrome brings up an error page with Error 330 (net::ERR_CONTENT_DECODING_FAILED): Unknown Error. Firefox brings up an error page saying "Content Encoding Error".

      Expected behavior would be to show no error and only show projects that the user has access to.


        Activity

          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          core/src/main/java/hudson/security/AccessDeniedHandlerImpl.java
          core/src/main/resources/lib/layout/layout.jelly
          http://jenkins-ci.org/commit/jenkins/af59db06f0eba2674fc8338d3ba18335541eae32
          Log:
          [FIXED JENKINS-15437]

          The exception handler ended up adding almost all the headers again,
          resulting in a lot of duplicate headers.

          Most critically, stapler was adding "Content-Encoding" header twice,
          breaking browsers.

          (cherry picked from commit d3575548bbd39acdbc0f73533f9078d59828b428)

          Conflicts:
          changelog.html
          core/pom.xml

          dogfood dogfood added a comment -

          Integrated in jenkins_main_trunk #2655
          [FIXED JENKINS-15437] (Revision d3575548bbd39acdbc0f73533f9078d59828b428)

          Result = SUCCESS
          kohsuke : d3575548bbd39acdbc0f73533f9078d59828b428
          Files :

          • changelog.html
          • core/src/main/java/hudson/security/AccessDeniedHandlerImpl.java
          • core/src/main/resources/lib/layout/layout.jelly
          • core/pom.xml

          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          changelog.html
          core/pom.xml
          core/src/main/java/hudson/security/AccessDeniedHandlerImpl.java
          core/src/main/resources/lib/layout/layout.jelly
          http://jenkins-ci.org/commit/jenkins/d3575548bbd39acdbc0f73533f9078d59828b428
          Log:
          [FIXED JENKINS-15437]

          The exception handler ended up adding almost all the headers again,
          resulting in a lot of duplicate headers.

          Most critically, stapler was adding "Content-Encoding" header twice,
          breaking browsers.

          kohsuke Kohsuke Kawaguchi added a comment -

          Using Wireshark, I see that the problem is because it's sending two sets of headers.

          GET /job/f/groups/newGroup HTTP/1.1
          Host: localhost:8080
          Connection: keep-alive
          Cache-Control: max-age=0
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
          User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.97 Safari/537.22
          Accept-Encoding: gzip,deflate,sdch
          Accept-Language: en-US,en;q=0.8,ja;q=0.6
          Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
          Cookie: screenResolution=2560x1600; JSESSIONID.23b85107=8ea7deb23efb25dda41e3d0e12af2421; screenResolution=2560x1600; JSESSIONID.f93f7440=b6bc70d2d3f01b2ce13240ea6cd4da2f

          HTTP/1.1 403 Forbidden
          Server: Winstone Servlet Engine v0.9.10
          Content-Encoding: gzip
          Expires: 0
          Cache-Control: no-cache,must-revalidate
          X-Hudson-Theme: default
          Content-Type: text/html;charset=UTF-8
          X-Hudson: 1.395
          X-Jenkins: 1.509.1.1-SNAPSHOT (Jenkins Enterprise by CloudBees 12.11)
          X-Jenkins-Session: a186bd6f
          X-Hudson-CLI-Port: 57208
          X-Jenkins-CLI-Port: 57208
          X-Jenkins-CLI2-Port: 57208
          X-SSH-Endpoint: localhost:55570
          X-Instance-Identity: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnax9jJCeLEPg+yo3IgtSWGaaIxNFgBySsS96Rs91ra2HPjqNBODcgMSLhc0iJEV48XSJvi4XbFw8rZifMYih+5TgqBxYbcaWBMyrGcj3bYve3CaJKnmKOa9OYTQbaP6smL04ao7VlH6HjKrX9yqSKzfUfEmB5tJLTZyg/iqRgOizubNTyR9vFmtiGSivTeramK4AmIZB4zZ4DaylR6vY6FOjf9XIg/s2hpvxat/Jr2IuB+7fvUILP5E/t/Lwqs/MhFml33vUuAIqSk9B+QyJ4mGT14TRry1vMQvsn2RaYBB4m8DVbWpIccQLzBlaTw+1l3knh/VvGBguoCjx4KFGgwIDAQAB
          Content-Encoding: gzip
          Expires: 0
          Cache-Control: no-cache,must-revalidate
          X-Hudson-Theme: default
          X-Hudson: 1.395
          X-Jenkins: 1.509.1.1-SNAPSHOT (Jenkins Enterprise by CloudBees 12.11)
          X-Jenkins-Session: a186bd6f
          X-Hudson-CLI-Port: 57208
          X-Jenkins-CLI-Port: 57208
          X-Jenkins-CLI2-Port: 57208
          X-SSH-Endpoint: localhost:55570
          X-Instance-Identity: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnax9jJCeLEPg+yo3IgtSWGaaIxNFgBySsS96Rs91ra2HPjqNBODcgMSLhc0iJEV48XSJvi4XbFw8rZifMYih+5TgqBxYbcaWBMyrGcj3bYve3CaJKnmKOa9OYTQbaP6smL04ao7VlH6HjKrX9yqSKzfUfEmB5tJLTZyg/iqRgOizubNTyR9vFmtiGSivTeramK4AmIZB4zZ4DaylR6vY6FOjf9XIg/s2hpvxat/Jr2IuB+7fvUILP5E/t/Lwqs/MhFml33vUuAIqSk9B+QyJ4mGT14TRry1vMQvsn2RaYBB4m8DVbWpIccQLzBlaTw+1l3knh/VvGBguoCjx4KFGgwIDAQAB
          Content-Length: 2203
          Connection: Keep-Alive
          Date: Fri, 21 Jun 2013 21:12:10 GMT
          X-Powered-By: Servlet/2.5 (Winstone/0.9.10)

          .... gzip encoded content follows ....


          The gzipped content itself appears OK, as I was able to gunzip it just fine. I think it is the fact that there are two Content-Encoding headers that's breaking the browser.

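The capture in the comment above can be checked mechanically. The following is an added example, not code from the issue or from Jenkins: it parses a constructed response head with the same shape (header set emitted twice, body gzipped once), lists the repeated fields, and shows that a client which combines repeated `Content-Encoding` lines into one ordered list, as HTTP field semantics allow, would attempt a second gunzip and fail. The function names and the sample body are assumptions made for this sketch.

```python
import gzip
from collections import defaultdict

# Constructed sample: body gzipped once, but the header set is emitted twice,
# mirroring the shape of the capture above (values shortened).
BODY = gzip.compress(b"<html>Access Denied</html>")
RAW_HEAD = (
    "HTTP/1.1 403 Forbidden\r\n"
    "Content-Encoding: gzip\r\n"
    "Expires: 0\r\n"
    "Content-Encoding: gzip\r\n"
    "Expires: 0\r\n"
    f"Content-Length: {len(BODY)}\r\n"
    "\r\n"
)

def parse_head(raw):
    """Return (status_line, {lower-cased name: [values in wire order]})."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    fields = defaultdict(list)
    for line in lines[1:]:
        name, _, value = line.partition(":")
        fields[name.strip().lower()].append(value.strip())
    return lines[0], dict(fields)

def repeated_fields(fields):
    """Names that appear on more than one header line."""
    return sorted(n for n, v in fields.items() if len(v) > 1)

def effective_codings(fields):
    """Repeated lines combine into one comma-separated list, in order."""
    joined = ",".join(fields.get("content-encoding", []))
    return [c.strip().lower() for c in joined.split(",") if c.strip()]

def decode_body(body, codings):
    """Undo the declared codings, last applied first, as a client would."""
    for coding in reversed(codings):
        if coding != "gzip":
            raise ValueError(f"coding not handled in this sketch: {coding}")
        body = gzip.decompress(body)  # raises on the second pass if gzipped once
    return body

if __name__ == "__main__":
    status, fields = parse_head(RAW_HEAD)
    print(status, "repeated:", repeated_fields(fields), effective_codings(fields))
    try:
        decode_body(BODY, effective_codings(fields))
    except OSError as exc:  # gzip.BadGzipFile subclasses OSError
        print("decode failed:", exc)
```

Running `repeated_fields` over responses from error paths (403, 404, 500) is a cheap regression check for handlers that re-emit headers already set earlier in the request.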
          jraja joni r added a comment -

          I came across the same issue while setting up the Project-based Matrix Authorization Strategy scheme. As a workaround, I set job-read permission to all authenticated users at Jenkins level.


          People

            kohsuke Kohsuke Kawaguchi
            glimberg Grant Limberg
            Votes: 1
            Watchers: 5