Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-34254

Shutdown of jenkins via the /exit URL doesn't work in 2.0 b/c of 403

      1) Start jenkins from WAR, giving a JENKINS_HOME directory
      2) Install initial plugins and create an admin user (probably not needed), then restart and log in
      3) Try to exit jenkins the "right" way by visiting http://localhost:8080/exit
      4) Click the "try POST" button
      5) See attached 403 error message:

          [JENKINS-34254] Shutdown of jenkins via the /exit URL doesn't work in 2.0 b/c of 403

          Daniel Beck added a comment -

          Not sure whether this qualifies as lts-candidate given the age, but it's annoying and might get some users to choose insecurity over inconvenience.

          Daniel Beck added a comment - Not sure whether this qualifies as lts-candidate given the age, but it's annoying and might get some users to choose insecurity over inconvenience.

          Code changed in jenkins
          User: Daniel Beck
          Path:
          core/pom.xml
          core/src/main/java/hudson/security/csrf/CrumbFilter.java
          core/src/main/resources/hudson/security/csrf/CrumbFilter/retry.jelly
          core/src/main/resources/hudson/security/csrf/CrumbFilter/retry.properties
          http://jenkins-ci.org/commit/jenkins/e20b0496149669f3a0f05cabd1a06eb3a469e935
          Log:
          JENKINS-34254 Fix RequirePOST form

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Beck Path: core/pom.xml core/src/main/java/hudson/security/csrf/CrumbFilter.java core/src/main/resources/hudson/security/csrf/CrumbFilter/retry.jelly core/src/main/resources/hudson/security/csrf/CrumbFilter/retry.properties http://jenkins-ci.org/commit/jenkins/e20b0496149669f3a0f05cabd1a06eb3a469e935 Log: JENKINS-34254 Fix RequirePOST form

          Code changed in jenkins
          User: Daniel Beck
          Path:
          core/src/main/resources/hudson/security/csrf/CrumbFilter/retry.jelly
          http://jenkins-ci.org/commit/jenkins/b27bb928a28ee578122eb4b076c8a3d8d68d878c
          Log:
          JENKINS-34254 Set HTTP status code for view

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Beck Path: core/src/main/resources/hudson/security/csrf/CrumbFilter/retry.jelly http://jenkins-ci.org/commit/jenkins/b27bb928a28ee578122eb4b076c8a3d8d68d878c Log: JENKINS-34254 Set HTTP status code for view

          Code changed in jenkins
          User: Daniel Beck
          Path:
          core/src/main/java/hudson/security/csrf/CrumbFilter.java
          http://jenkins-ci.org/commit/jenkins/2f45a2332b96a133ef269e2b621617016c98fdfa
          Log:
          JENKINS-34254 Adapt to upstream change using ServiceLoader

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Beck Path: core/src/main/java/hudson/security/csrf/CrumbFilter.java http://jenkins-ci.org/commit/jenkins/2f45a2332b96a133ef269e2b621617016c98fdfa Log: JENKINS-34254 Adapt to upstream change using ServiceLoader

          Code changed in jenkins
          User: Daniel Beck
          Path:
          core/pom.xml
          http://jenkins-ci.org/commit/jenkins/3c695a3ed6836abce19c0c71eeca418f0fe9fd66
          Log:
          JENKINS-34254 Use released Stapler 1.254

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Beck Path: core/pom.xml http://jenkins-ci.org/commit/jenkins/3c695a3ed6836abce19c0c71eeca418f0fe9fd66 Log: JENKINS-34254 Use released Stapler 1.254

          Code changed in jenkins
          User: Daniel Beck
          Path:
          core/src/main/resources/hudson/security/csrf/CrumbFilter/retry.jelly
          test/src/test/java/hudson/security/csrf/DefaultCrumbIssuerTest.java
          http://jenkins-ci.org/commit/jenkins/f0efdbab087ea26342a034da198d055bd7141b8a
          Log:
          JENKINS-34254 Add test

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Beck Path: core/src/main/resources/hudson/security/csrf/CrumbFilter/retry.jelly test/src/test/java/hudson/security/csrf/DefaultCrumbIssuerTest.java http://jenkins-ci.org/commit/jenkins/f0efdbab087ea26342a034da198d055bd7141b8a Log: JENKINS-34254 Add test

          Code changed in jenkins
          User: Daniel Beck
          Path:
          core/pom.xml
          core/src/main/java/hudson/security/csrf/CrumbFilter.java
          core/src/main/resources/hudson/security/csrf/CrumbFilter/retry.jelly
          core/src/main/resources/hudson/security/csrf/CrumbFilter/retry.properties
          test/src/test/java/hudson/security/csrf/DefaultCrumbIssuerTest.java
          http://jenkins-ci.org/commit/jenkins/76c9f8beacc681663571c925b5ee090222407e34
          Log:
          Merge pull request #3187 from daniel-beck/JENKINS-34254-v2

          JENKINS-34254 Fix RequirePOST form

          Compare: https://github.com/jenkinsci/jenkins/compare/814d202716a6...76c9f8beacc6

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Beck Path: core/pom.xml core/src/main/java/hudson/security/csrf/CrumbFilter.java core/src/main/resources/hudson/security/csrf/CrumbFilter/retry.jelly core/src/main/resources/hudson/security/csrf/CrumbFilter/retry.properties test/src/test/java/hudson/security/csrf/DefaultCrumbIssuerTest.java http://jenkins-ci.org/commit/jenkins/76c9f8beacc681663571c925b5ee090222407e34 Log: Merge pull request #3187 from daniel-beck/ JENKINS-34254 -v2 JENKINS-34254 Fix RequirePOST form Compare: https://github.com/jenkinsci/jenkins/compare/814d202716a6...76c9f8beacc6

          Daniel Beck added a comment -

          Fixed towards 2.96.

          Daniel Beck added a comment - Fixed towards 2.96.

          Given how long was it broken, there is no rush in expediting this into LTS. Will not be in .3.

          Oliver Gondža added a comment - Given how long was it broken, there is no rush in expediting this into LTS. Will not be in .3.

          Code changed in jenkins
          User: Daniel Beck
          Path:
          core/pom.xml
          core/src/main/java/hudson/security/csrf/CrumbFilter.java
          core/src/main/resources/hudson/security/csrf/CrumbFilter/retry.jelly
          core/src/main/resources/hudson/security/csrf/CrumbFilter/retry.properties
          test/src/test/java/hudson/security/csrf/DefaultCrumbIssuerTest.java
          http://jenkins-ci.org/commit/jenkins/bed6ccd71921c9321919f7a042864dbbbf63243a
          Log:
          Merge pull request #3187 from daniel-beck/JENKINS-34254-v2

          JENKINS-34254 Fix RequirePOST form

          (cherry picked from commit 76c9f8beacc681663571c925b5ee090222407e34)

          Compare: https://github.com/jenkinsci/jenkins/compare/2904044e5105...bed6ccd71921

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Beck Path: core/pom.xml core/src/main/java/hudson/security/csrf/CrumbFilter.java core/src/main/resources/hudson/security/csrf/CrumbFilter/retry.jelly core/src/main/resources/hudson/security/csrf/CrumbFilter/retry.properties test/src/test/java/hudson/security/csrf/DefaultCrumbIssuerTest.java http://jenkins-ci.org/commit/jenkins/bed6ccd71921c9321919f7a042864dbbbf63243a Log: Merge pull request #3187 from daniel-beck/ JENKINS-34254 -v2 JENKINS-34254 Fix RequirePOST form (cherry picked from commit 76c9f8beacc681663571c925b5ee090222407e34) Compare: https://github.com/jenkinsci/jenkins/compare/2904044e5105...bed6ccd71921

            danielbeck Daniel Beck
            svanoort Sam Van Oort
            Votes:
            4 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved: