-
Bug
-
Resolution: Unresolved
-
Minor
-
4.13.0-38-generic Ubuntu kernel, based off jenkinsci/blueocean:1.7.1 image.
Jenkins 2.121.2 running in docker behind reverse proxy Apache (with Apache doing TLS termination).
Reverse proxy is configured for port 8888, jenkins is configured with https://server:8888/jenkins as the root URL.
When using the job/xxx/doDelete API, the redirect after successfully deleting the job to the root is hardcoded to use http, regardless of the root url set in the configuration.
The issue was first discovered by a colleague of mine, and confirmed by me as affecting both the URL in the Location header in the 302 response of a successful destructive action, and the URL displayed when attempting to GET the same API URL in the browser.
Because this is a largely cosmetic bug, it's not urgent, and we've monkey patched the client library we're using to rewrite obviously malformed URLs to https (we control both client and server, it only speaks https).
Specific steps to reproduce in browser:
- Open jenkins configured with a https root URL
- Click on a job
- append /doDelete to the URL in the URL bar
- the reported "URL being accessed:" is prefixed with http instead of https
Specific steps to reproduce in API:
- Open jenkins configured with a https root URL
- Send a POST to https://example.com:port/jenkins/job/jobname/doDelete
- the Location header in the 302 response will be http instead of https
