Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-61308

REST Response Code to DeleteJob is a "302 - Found" redirect


    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • core
    • Jenkins: CloudBees Jenkins Distribution
      OS: CentOS Linux 7 (Core)
    • Jenkins 2.227

      When sending a POST to $JENKINS_URL/$PATH-TO-JOB/doDelete Jenkins correctly deletes the Job and then responds with a response of "302 - Found". RFC 7231 describes this response as:

      The 302 (Found) status code indicates that the target resource
      resides temporarily under a different URI. Since the redirection
      might be altered on occasion, the client ought to continue to use the
      effective request URI for future requests.

      The server SHOULD generate a Location header field in the response
      containing a URI reference for the different URI. The user agent MAY
      use the Location field value for automatic redirection. The server's
      response payload usually contains a short hypertext note with a
      hyperlink to the different URI(s).

      Note: For historical reasons, a user agent MAY change the request
      method from POST to GET for the subsequent request. If this
      behavior is undesired, the 307 (Temporary Redirect) status code
      can be used instead.

      This doesn't seem like the appropriate response to a successful delete. The agent sends a POST (or GET) to the returned Location (from what I can tell the folder which contained the job, though this is documented nowhere) which results in receiving the full folder website. This behavior WOULD be appropriate when deleting via the web interface, but not a REST call.

      Instead, one would expect a "200 - OK" or "204 - No Content". Maybe a "203 - Accepted" if a deletion takes more time. As is, the returned status seems to make no sense as a 302 does not indicate success.

      Even worse, if the request was authenticated the 302 might lead to a place the user is forbidden to read! This results in the "Delete" request (indirectly) being answered with a "403 - Forbidden" or "404 - Not found", suggesting that the job that should be deleted wasn't found or that Jenkins refuses to honor the deletion request when it, in fact, has been accepted and fulfilled.

      At the very least this odd behaviour should be documented in the API documentation. Of course it would be preferable if it would actually be fixed. 


      EDIT: After some more research I discovered that some sites indeed use a "302" (or more appropriately "303 - See other") to point to the new resource. This still should not be the HTML page but instead the $JENKINS-URL/$PATh-TO-FOLDER/api/xml endpoint as this is a format that is easily parseable, unlike the HTML page.

            danielbeck Daniel Beck
            julian_schilling Julian Schilling
            0 Vote for this issue
            2 Start watching this issue