-
Bug
-
Resolution: Not A Defect
-
Minor
-
None
I shared a curl command to trigger a build via a slack channel. When slack tried to preview the url, it kicked off a build. I don't think GET requests should be triggering builds.
[JENKINS-33664] GET requests cause a build to be scheduled
Kai Groner
added a comment - The point of the token (as I understand it) is to allow access by a script without requiring that script to maintain a session. In other words, if my script has to log in and manage a cookie store, why use a token at all?
If GETs have to be supported for historical reasons, maybe there could be a switch to disable it?
I realize I could solve this with my own middleware or proxy configuration, but I think most users would find the current behavior surprising.
Kai Groner
added a comment - The point of the token (as I understand it) is to allow access by a script without requiring that script to maintain a session. In other words, if my script has to log in and manage a cookie store, why use a token at all?
If GETs have to be supported for historical reasons, maybe there could be a switch to disable it?
I realize I could solve this with my own middleware or proxy configuration, but I think most users would find the current behavior surprising. kaigroner just my two cents, builds being initiated by any get is exactly the behaviour I was expecting. Click link from any device, build gets triggered. I don't want to have to edit http options before the build triggers.
For historical reasons and as a convenience, build tokens in Jenkins core are accepted from GET requests. (If you authenticate to get Item/Build access to the project, you must POST.) So this plugin merely follows suit.