Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-53409

Redirect after destructive Remote Access API action is hardcoded to http

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Minor
    • Resolution: Unresolved
    • Component/s: core
    • Labels:
    • Environment:
    • Similar Issues:

      Description

      When using the job/xxx/doDelete API, the redirect after successfully deleting the job to the root is hardcoded to use http, regardless of the root url set in the configuration.

      The issue was first discovered by a colleague of mine, and confirmed by me as affecting both the URL in the Location header in the 302 response of a successful destructive action, and the URL displayed when attempting to GET the same API URL in the browser.

      Because this is a largely cosmetic bug, it's not urgent, and we've monkey patched the client library we're using to rewrite obviously malformed URLs to https (we control both client and server, it only speaks https).

       

      Specific steps to reproduce in browser:

      1. Open jenkins configured with a https root URL
      2. Click on a job
      3. append /doDelete to the URL in the URL bar
      4. the reported "URL being accessed:" is prefixed with http instead of https

      Specific steps to reproduce in API:

      1. Open jenkins configured with a https root URL
      2. Send a POST to https://example.com:port/jenkins/job/jobname/doDelete
      3. the Location header in the 302 response will be http instead of https

        Attachments

          Activity

          There are no comments yet on this issue.

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            steven_cogito Steven Karas
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: