
Create Admin Monitor for disabled CSRF protection

      Currently there is no admin monitor for CSRF protection. It is more of a bug than a feature.

      Acceptance criteria:

      • If CSRF is disabled on the instance, an admin gets an administrative warning
      • There is a functional test that checks this case

       

       

          [JENKINS-47372] Create Admin Monitor for disabled CSRF protection

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          content/redirect/csrf-protection.adoc
          http://jenkins-ci.org/commit/jenkins.io/05e78b648dd213ecb31c532ae6bdef1e885191d3
          Log:
          JENKINS-47372 - Add CSRF Protection Page redirect


          Code changed in jenkins
          User: Wadeck Follonier
          Path:
          core/src/main/java/jenkins/security/csrf/CSRFAdministrativeMonitor.java
          core/src/main/resources/jenkins/security/csrf/CSRFAdministrativeMonitor/message.jelly
          core/src/main/resources/jenkins/security/csrf/CSRFAdministrativeMonitor/message.properties
          core/src/main/resources/jenkins/security/csrf/Messages.properties
          test/src/test/java/jenkins/security/csrf/CSRFAdministrativeMonitorTest.java
          http://jenkins-ci.org/commit/jenkins/02b8e7f3563ac5c758e5829949533ff47bc81e65
          Log:
          JENKINS-47372 Add a new Administrative monitor for CSRF-protection (#3072)

          • JENKINS-47372 add administrative monitor when there is no CSRF issuer configured
          • - add line breaks
          • - add license header
          • put link in the properties instead of the previous mix
          • remove @author
          • simplify isActivated body
          • - correct line breaks


          Ryan Campbell added a comment -

          Merged towards jenkins-2.85


            wfollonier Wadeck Follonier
            oleg_nenashev Oleg Nenashev
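
The condition this monitor reports (no CSRF crumb issuer configured) can also be audited offline from a controller's `config.xml`. The Python below is an added example, not code from the Jenkins project or from this issue; it assumes disabled CSRF protection appears as a missing `crumbIssuer` element under the `hudson` root, and both sample documents are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples of $JENKINS_HOME/config.xml, trimmed to the relevant elements.
CONFIG_PROTECTED = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <useSecurity>true</useSecurity>
  <crumbIssuer class="hudson.security.csrf.DefaultCrumbIssuer">
    <excludeClientIPFromCrumb>false</excludeClientIPFromCrumb>
  </crumbIssuer>
</hudson>
"""

CONFIG_UNPROTECTED = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <useSecurity>true</useSecurity>
</hudson>
"""

# Jenkins may write an XML 1.1 declaration, which Python's expat-based
# parser rejects, so the declaration is dropped before parsing.
_XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")


def csrf_status(config_xml: str) -> dict:
    """Report whether a Jenkins config.xml has a crumb issuer configured."""
    root = ET.fromstring(_XML_DECL.sub("", config_xml, count=1))
    if root.tag != "hudson":
        raise ValueError(f"not a Jenkins global config (root element: {root.tag!r})")

    issuer = root.find("crumbIssuer")  # direct child of <hudson> (assumption)
    if issuer is None:
        return {
            "csrf_protected": False,
            "issuer": None,
            "finding": "no crumb issuer configured: CSRF protection is disabled",
        }
    return {
        "csrf_protected": True,
        "issuer": issuer.get("class"),
        "finding": "crumb issuer configured",
    }


if __name__ == "__main__":
    for name, doc in (("protected", CONFIG_PROTECTED), ("unprotected", CONFIG_UNPROTECTED)):
        print(name, csrf_status(doc))
```
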