Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-16936

Extension point for secure users of Api

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      As a security fix, hudson.model.Api no longer permits the jsonp parameter, or xpath with a primitive result set. This is the safest policy but in certain cases it is useful to whitelist particular requesters known to be harmless. The INSECURE system property should be deprecated or deleted and an extension point introduced so various policies can be added by plugins: whitelists based on host name, requests with no Referer, etc.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jglick Jesse Glick
              Reporter:
              jglick Jesse Glick
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: