Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-32197

More URLs that NegSecFilter should not secure

XMLWordPrintable

      In JENKINS-30116, I identified that the notifyCommit URLs should not have security applied to them. I was worried there were other URLs that shouldn't be secured either, but was unable to find a list on the Jenkins wiki.

      Today I noticed that if you click the 'Delegate to servlet container' option in the security settings, it provides a full list:

      These URLs (and URLs starting with these prefixes plus a /) should require no authentication. If possible, configure your container to pass these requests straight to Jenkins without requiring login.

      cli
      git
      jnlpJars
      subversion
      whoAmI

      Can you add this to the changes you made in JENKINS-30116?

            farmgeek4life Bryson Gibbons
            pmv pmv
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: