Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-38175

Preparing Jenkins for shutdown via Manage Jenkins -> system-log-out.png throws an HTTP 405 (POST is required for jenkins.model.Jenkins.doQuietDown); works fine via "Prepare for Shutdown" link

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • core

      1. Go to your /manage page
      2. Scroll down to "Prepare for Shutdown"
      3. Instead of clicking the linked text, click on the "system-log-out.png" icon to its left

      Actual Results:

      1. Jenkins throws an HTTP 405 error, with "POST is required for jenkins.model.Jenkins.doQuietDown" displayed, as well as a button labeled "Try POSTing"
      2. Upon clicking "Try POSTing," you're returned an HTTP 403 with "No valid crumb was included in the request"

          [JENKINS-38175] Preparing Jenkins for shutdown via Manage Jenkins -> system-log-out.png throws an HTTP 405 (POST is required for jenkins.model.Jenkins.doQuietDown); works fine via "Prepare for Shutdown" link

          Denys Digtiar added a comment -

          Can also be reproduced from a drop-down menu in the breadcrumbs.

          Denys Digtiar added a comment - Can also be reproduced from a drop-down menu in the breadcrumbs.

          duemir
          POST is used only if the menu element has the option post set :
          https://github.com/jenkinsci/jenkins/blob/master/core/src/main/resources/lib/layout/breadcrumbs.js#L213

          This one comes from http(s)://<INSTANCE>/contextMenu

          But it returns

                    {
                      "displayName": "Prepare for Shutdown",
                      "icon": "/static/f70a96ee/images/48x48/system-log-out.png",
                      "post": false,
                      "requiresConfirmation": false,
                      "subMenu": null,
                      "url": "/quietDown"
                    }
          

          but it should be post=true

              @Override
              public boolean getRequiresPOST() {
                  return true;
              }
          

          https://github.com/jenkinsci/jenkins/blob/master/core/src/main/java/jenkins/management/ShutdownLink.java#L58

          Thus you need to understand why the management link is loosing this info in context menu

          Arnaud Héritier added a comment - duemir POST is used only if the menu element has the option post set : https://github.com/jenkinsci/jenkins/blob/master/core/src/main/resources/lib/layout/breadcrumbs.js#L213 This one comes from http(s)://<INSTANCE>/contextMenu But it returns { "displayName" : "Prepare for Shutdown" , "icon" : "/ static /f70a96ee/images/48x48/system-log-out.png" , "post" : false , "requiresConfirmation" : false , "subMenu" : null , "url" : "/quietDown" } but it should be post=true @Override public boolean getRequiresPOST() { return true ; } https://github.com/jenkinsci/jenkins/blob/master/core/src/main/java/jenkins/management/ShutdownLink.java#L58 Thus you need to understand why the management link is loosing this info in context menu

          Daniel Beck added a comment -

          The various bugs exposed in this issue are so dumb I can't even.

          PR forthcoming.

          Daniel Beck added a comment - The various bugs exposed in this issue are so dumb I can't even. PR forthcoming.

          Code changed in jenkins
          User: Daniel Beck
          Path:
          core/src/main/java/jenkins/management/ReloadLink.java
          core/src/main/resources/jenkins/model/Jenkins/manage.jelly
          http://jenkins-ci.org/commit/jenkins/c9b878f4889659b889d03e24aa8e5cb6eb763b89
          Log:
          [FIX JENKINS-38175] Fix various ManagementLink related bugs

          • In the context menu, the 'post' flag was set iff 'requiresConfirmation'
            was set, even though they're independent (e.g. Prepare for shutdown
            requires the former but not the latter)
          • /manage screen: The icon (t:summary) does not support POST or
            confirmation links, but was set to not link only if no confirmation
            was required (i.e. POST links did not POST when the icon was clicked
            • now the icon is not clickable as a workaround)
          • /manage screen: All links requiring confirmation did POST, which masked
            the fact that the 'Reload from disk' link wasn't set up to require POST
            (it was only broken in the context menu). Now, confirmation and POST are
            separate flags, and 'Reload from disk' link now requests POST.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Beck Path: core/src/main/java/jenkins/management/ReloadLink.java core/src/main/resources/jenkins/model/Jenkins/manage.jelly http://jenkins-ci.org/commit/jenkins/c9b878f4889659b889d03e24aa8e5cb6eb763b89 Log: [FIX JENKINS-38175] Fix various ManagementLink related bugs In the context menu, the 'post' flag was set iff 'requiresConfirmation' was set, even though they're independent (e.g. Prepare for shutdown requires the former but not the latter) /manage screen: The icon (t:summary) does not support POST or confirmation links, but was set to not link only if no confirmation was required (i.e. POST links did not POST when the icon was clicked now the icon is not clickable as a workaround) /manage screen: All links requiring confirmation did POST, which masked the fact that the 'Reload from disk' link wasn't set up to require POST (it was only broken in the context menu). Now, confirmation and POST are separate flags, and 'Reload from disk' link now requests POST.

          Remco Tukker added a comment -

          /manage screen and breadcrumbs work perfectly now, however navigating directly to the /quietDown and /cancelQuietDown url in a browser seems (still? now?) broken. Exactly the same symptoms as in the original issue. I didn't try posting from the commandline.

          Remco Tukker added a comment - /manage screen and breadcrumbs work perfectly now, however navigating directly to the /quietDown and /cancelQuietDown url in a browser seems (still? now?) broken. Exactly the same symptoms as in the original issue. I didn't try posting from the commandline.

          Daniel Beck added a comment -

          however navigating directly to the /quietDown and /cancelQuietDown url in a browser seems (still? now?) broken.

          Jenkins necessarily exposes functionality like this at URLs that you can directly access; but requesting them via GET may not work for obvious reasons. Unless it's documented (preferably directly in Jenkins or on jenkins.io/doc, because anyone can edit the wiki) or there are still links with the same problem, I wouldn't consider this to be a bug.

          Daniel Beck added a comment - however navigating directly to the /quietDown and /cancelQuietDown url in a browser seems (still? now?) broken. Jenkins necessarily exposes functionality like this at URLs that you can directly access; but requesting them via GET may not work for obvious reasons. Unless it's documented (preferably directly in Jenkins or on jenkins.io/doc, because anyone can edit the wiki) or there are still links with the same problem, I wouldn't consider this to be a bug.

          Remco Tukker added a comment -

          I agree it's not a bug if this never worked. It's just that I expected the /quietDown url to work in the same way as the /restart and /safeRestart urls (you get a nice "are you sure" question that I imagine is doing the actual post request).

          Remco Tukker added a comment - I agree it's not a bug if this never worked. It's just that I expected the /quietDown url to work in the same way as the /restart and /safeRestart urls (you get a nice "are you sure" question that I imagine is doing the actual post request).

          Code changed in jenkins
          User: Daniel Beck
          Path:
          core/src/main/java/jenkins/management/ReloadLink.java
          core/src/main/resources/jenkins/model/Jenkins/manage.jelly
          http://jenkins-ci.org/commit/jenkins/3a2d38378a346e221be70ad8e13d66836ba71876
          Log:
          [FIX JENKINS-38175] Fix various ManagementLink related bugs

          • In the context menu, the 'post' flag was set iff 'requiresConfirmation'
            was set, even though they're independent (e.g. Prepare for shutdown
            requires the former but not the latter)
          • /manage screen: The icon (t:summary) does not support POST or
            confirmation links, but was set to not link only if no confirmation
            was required (i.e. POST links did not POST when the icon was clicked
            • now the icon is not clickable as a workaround)
          • /manage screen: All links requiring confirmation did POST, which masked
            the fact that the 'Reload from disk' link wasn't set up to require POST
            (it was only broken in the context menu). Now, confirmation and POST are
            separate flags, and 'Reload from disk' link now requests POST.

          (cherry picked from commit c9b878f4889659b889d03e24aa8e5cb6eb763b89)

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Beck Path: core/src/main/java/jenkins/management/ReloadLink.java core/src/main/resources/jenkins/model/Jenkins/manage.jelly http://jenkins-ci.org/commit/jenkins/3a2d38378a346e221be70ad8e13d66836ba71876 Log: [FIX JENKINS-38175] Fix various ManagementLink related bugs In the context menu, the 'post' flag was set iff 'requiresConfirmation' was set, even though they're independent (e.g. Prepare for shutdown requires the former but not the latter) /manage screen: The icon (t:summary) does not support POST or confirmation links, but was set to not link only if no confirmation was required (i.e. POST links did not POST when the icon was clicked now the icon is not clickable as a workaround) /manage screen: All links requiring confirmation did POST, which masked the fact that the 'Reload from disk' link wasn't set up to require POST (it was only broken in the context menu). Now, confirmation and POST are separate flags, and 'Reload from disk' link now requests POST. (cherry picked from commit c9b878f4889659b889d03e24aa8e5cb6eb763b89)

            danielbeck Daniel Beck
            stephendonner Stephen Donner
            Votes:
            2 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: