• Bug
    • Resolution: Fixed
    • Major
    • core
    • None

      Some links (e.g. in console output links "Building remotely on slaveXYZ") don't preserve protocol and have hardcoded HTTP even if the page is opened via HTTPS. This can be considered as a security risk (e.g. user doesn't notice change of the protocol and later on can open another console output with sensitive data and the data would be sent over unsecure HTTP in this case).

          [JENKINS-16368] Hardcoded protocol in some links

          Jesse Glick added a comment -

          @fhuberts: the fix for HTTPS reverse proxies will I think be in 1.501. (The RC branch process is a little subtle so I am never entirely sure where a given change is going to first appear until the release is cut!)


          Ferry Huberts added a comment -

          @jesse awesome! thanks a bunch


          Kohsuke Kawaguchi added a comment -

          I wrote https://wiki.jenkins-ci.org/display/JENKINS/Hyperlinks+in+HTML that hopefully describes the current design of this in Jenkins.

          From that standpoint,

          • I disagree with the initial fix (but this was backed out, so I'm good)
          • I also disagree with pull request #682, because it violates Rule #1: no absolute URLs in hyperlinks
          • The proper fix is to update HyperlinkNote so that it does not emit the absolute URL, and rather just use the context path from the current request (it shall fall back to the absolute URL if the code is without the thread-local request, such as when it's used for email-ext plugin)

          I'll make the fix accordingly.
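The approach described in the comment above, sketched as an added example (not code from the Jenkins source or from the commenter): an app-relative link target is prefixed with the current request's context path when a request is bound to the thread, and with a configured absolute root URL only when none is. The class, the `REQUEST_CONTEXT_PATH` thread-local, `CONFIGURED_ROOT_URL` and the `ci.example.test` host are hypothetical stand-ins; `main` resolves both hrefs against a constructed HTTPS console page to show which scheme the browser would end up using.

```java
import java.net.URI;

public class ConsoleLinkDemo {
    // Hypothetical stand-in for the thread-local HTTP request: holds its context path.
    static final ThreadLocal<String> REQUEST_CONTEXT_PATH = new ThreadLocal<>();

    // Hypothetical configured root URL, the only base available outside a request.
    static final String CONFIGURED_ROOT_URL = "http://ci.example.test/jenkins/";

    /** Turns an app-relative target such as "/computer/slaveXYZ/" into an href. */
    static String href(String target) {
        if (!target.startsWith("/") || target.startsWith("//")) {
            return target; // not app-relative (or scheme-relative): leave as given
        }
        String contextPath = REQUEST_CONTEXT_PATH.get();
        if (contextPath != null) {
            // Serving a page: emit no scheme or host, so the browser reuses the page's own.
            return contextPath + target;
        }
        // No request (e.g. rendering an e-mail): an absolute URL is unavoidable.
        return CONFIGURED_ROOT_URL + target.substring(1);
    }

    public static void main(String[] args) {
        // Constructed sample: the console page as reached through an HTTPS reverse proxy.
        URI page = URI.create("https://ci.example.test/jenkins/job/demo/1/console");
        String target = "/computer/slaveXYZ/";

        REQUEST_CONTEXT_PATH.set("/jenkins");
        try {
            String relative = href(target);
            System.out.println("in request: href=" + relative
                    + " -> browser opens " + page.resolve(relative));
        } finally {
            REQUEST_CONTEXT_PATH.remove();
        }

        // Same target with no request bound: the configured scheme wins over the page's.
        String absolute = href(target);
        System.out.println("no request: href=" + absolute
                + " -> browser opens " + page.resolve(absolute));
    }
}
```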

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          war/pom.xml
          http://jenkins-ci.org/commit/jenkins/ded37a2b626419fcef6e9ae425331c275d827b48
          Log:
          JENKINS-16368 "mvn hudson-dev:run" to run with context path

          This helps us catch a typical error of not using ${rootURL} or
          getContextPath() where needed.


          You received this message because you are subscribed to the Google Groups "Jenkins Commits" group.
          To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-commits+unsubscribe@googlegroups.com.
          For more options, visit https://groups.google.com/groups/opt_out.

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          plugins/pom.xml
          http://jenkins-ci.org/commit/jenkins/17d2df75ffdcf49d6026f67e250747481cf39c28
          Log:
          JENKINS-16368 "mvn hpi:run" to use non-empty context path.

          For a reason similar to ded37a2b626419fcef6e9ae425331c275d827b48,
          better to run with non empty context path.

          dogfood added a comment -

          Integrated in jenkins_main_trunk #2316
          JENKINS-16368 "mvn hudson-dev:run" to run with context path (Revision ded37a2b626419fcef6e9ae425331c275d827b48)

          Result = UNSTABLE
          kohsuke : ded37a2b626419fcef6e9ae425331c275d827b48
          Files :

          • war/pom.xml


          dogfood added a comment -

          Integrated in jenkins_main_trunk #2317
          JENKINS-16368 "mvn hpi:run" to use non-empty context path. (Revision 17d2df75ffdcf49d6026f67e250747481cf39c28)

          Result = SUCCESS
          kohsuke : 17d2df75ffdcf49d6026f67e250747481cf39c28
          Files :

          • plugins/pom.xml


          Jesse Glick added a comment -

          AFAICT #682 does create app-relative URLs, or purports to.


          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          changelog.html
          core/src/main/java/hudson/Functions.java
          core/src/main/java/hudson/console/HyperlinkNote.java
          core/src/main/java/jenkins/model/Jenkins.java
          http://jenkins-ci.org/commit/jenkins/9447289c87522d96d54228e817c5aa3cd04744c6
          Log:
          [FIXED JENKINS-16368]

          HyperlinkNote shouldn't emit the absolute URL.

          Compare: https://github.com/jenkinsci/jenkins/compare/902edc38aa26...9447289c8752

          dogfood added a comment -

          Integrated in jenkins_main_trunk #2320
          [FIXED JENKINS-16368] (Revision 9447289c87522d96d54228e817c5aa3cd04744c6)

          Result = SUCCESS
          kohsuke : 9447289c87522d96d54228e817c5aa3cd04744c6
          Files :

          • core/src/main/java/hudson/console/HyperlinkNote.java
          • changelog.html
          • core/src/main/java/hudson/Functions.java
          • core/src/main/java/jenkins/model/Jenkins.java


            Kohsuke Kawaguchi
            vjuranek
            Votes: 5
            Watchers: 13
