Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-36525

HTTP403 loading script.js on login page when anonymous doesn't have Overall/Read

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      When being anonymous on an instance that is secured, if Overall/Read hasn't been granted to Anonymous, then retrieving the script.js from the plugin will issue a 403.

      Request

      GET /static/331cd866/plugin/form-element-path/script.js
      

      Response

      Authentication required
      <!--
      You are authenticated as: anonymous
      Groups that you are in:
        
      Permission you need to have (but didn't): hudson.model.Hudson.Read
       ... which is implied by: hudson.security.Permission.GenericRead
       ... which is implied by: hudson.model.Hudson.Administer
      -->
      

      This prevents elements from the login page from being properly decorated.

        Attachments

          Issue Links

            Activity

            Hide
            vlatombe Vincent Latombe added a comment -

            Converting the <script> to an adjunct seems to work.

            Show
            vlatombe Vincent Latombe added a comment - Converting the <script> to an adjunct seems to work.
            Hide
            jglick Jesse Glick added a comment -

            Merged.

            Show
            jglick Jesse Glick added a comment - Merged.

              People

              Assignee:
              vlatombe Vincent Latombe
              Reporter:
              vlatombe Vincent Latombe
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: