Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-51937

Credenitals :pop-dialog uses hardcoded http instead of https

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      While trying to add credentials e.g. from a git step in the snippet generator, the generated form points to a http url, even if the source was https and jenkins is configured with a https base url.

       

      <form method="POST" action="http://<host>/jenkins/descriptor/com.cloudbees.plugins.credentials.CredentialsSelectHelper/resolver/com.cloudbees.plugins.credentials.CredentialsSelectHelper$SystemContextResolver/provider/com.cloudbees.plugins.credentials.SystemCredentialsProvider$ProviderImpl/context/jenkins/addCredentials" id="credentials-dialog-form"><table width="100%"><tbody><tr><td class="setting-leftspace">&nbsp;</td><td class="setting-name">Domain</td><td class="setting-main"><select class="setting-input" name="_.domain"><option value="Docker">Docker</option><option value="_" selected="true">Global credentials (unrestricted)
      

      On trying to submit, a warning about the unsecure channel is emitted and the creation fails as jenkins is not available via http

        Attachments

          Activity

          Hide
          stephenconnolly Stephen Connolly added a comment -

          Are you behind a reverse proxy?

          Is your reverse proxy actually set up correctly?

          99.999% of the time this is an issue with how the reverse proxy is set up. For example, please take a look at my comment on https://wiki.jenkins.io/display/JENKINS/Running+Jenkins+behind+HAProxy

          There is a method in Jenkins that infers the root URL from the request URL... this method in jenkins core uses the X-Forwarded-Proto, X-Forwarded-Port and X-Forwarded-Host headers to build the URL. That method is the URL we use in the credentials page because in the context of how the form is built, we have no way to determine the actual request URL, and consequently we cannot construct the correct number of ../ to prefix in order to reach the destination URL. If we used the Jenkins.getRootUrl() method, which picks the URL you set in the global config, then anyone accessing Jenkins e.g. by IP address or by a different hostname (such as the short name) will hit CORS effects and be unable to submit forms)

          So, I wish the reverse proxy check on the Manage Jenkins screen was reliable to detect this issue... and I wish that the wiki pages all gave people guidance on how to configure their reverse proxy correctly, but I am 99.999% certain that this is just an issue with the reverse proxy

          Show
          stephenconnolly Stephen Connolly added a comment - Are you behind a reverse proxy? Is your reverse proxy actually set up correctly? 99.999% of the time this is an issue with how the reverse proxy is set up. For example, please take a look at my comment on https://wiki.jenkins.io/display/JENKINS/Running+Jenkins+behind+HAProxy There is a method in Jenkins that infers the root URL from the request URL... this method in jenkins core uses the X-Forwarded-Proto , X-Forwarded-Port and X-Forwarded-Host headers to build the URL. That method is the URL we use in the credentials page because in the context of how the form is built, we have no way to determine the actual request URL, and consequently we cannot construct the correct number of ../ to prefix in order to reach the destination URL. If we used the Jenkins.getRootUrl() method, which picks the URL you set in the global config, then anyone accessing Jenkins e.g. by IP address or by a different hostname (such as the short name) will hit CORS effects and be unable to submit forms) So, I wish the reverse proxy check on the Manage Jenkins screen was reliable to detect this issue... and I wish that the wiki pages all gave people guidance on how to configure their reverse proxy correctly, but I am 99.999% certain that this is just an issue with the reverse proxy
          Hide
          stephenconnolly Stephen Connolly added a comment -

          Incomplete, because the open question is whether a reverse proxy is fronting Jenkins (probably yes as the URL is https and that is easiest to do with a reverse proxy) and the X-Forwarded- headers need to be checked on that reverse proxy.

          Reopen if there is no reverse proxy or if the issue is still present when the reverse proxy is correctly configured

          Show
          stephenconnolly Stephen Connolly added a comment - Incomplete, because the open question is whether a reverse proxy is fronting Jenkins (probably yes as the URL is https and that is easiest to do with a reverse proxy) and the X-Forwarded- headers need to be checked on that reverse proxy. Reopen if there is no reverse proxy or if the issue is still present when the reverse proxy is correctly configured
          Hide
          ankush_rana Ankush Rana added a comment -

          thanks Sir....it really help full.

           

          Show
          ankush_rana Ankush Rana added a comment - thanks Sir....it really help full.  
          Hide
          pedersen Björn Pedersen added a comment -

          Yes, it was the proxy setting that was causing this. After adding the header the url is correct.

          Show
          pedersen Björn Pedersen added a comment - Yes, it was the proxy setting that was causing this. After adding the header the url is correct.

            People

            Assignee:
            stephenconnolly Stephen Connolly
            Reporter:
            pedersen Björn Pedersen
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: