Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-10374

Authenticated remote API request responds with 403 when using POST request

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • other
    • None
    • Ubuntu 10.04 32 bit, Jenkins 1.421

      Configured to use Jenkins' user database, matrix-based security.

      I am calling the HTTP API using an authenticated request as described here:

      https://wiki.jenkins-ci.org/display/JENKINS/Authenticating%2Bscripted%2Bclients

      I discovered while trying to use the Python plugin in development at https://launchpad.net/python-jenkins that actually authentication only works using GET requests, not POST. This can be verified with wget as follows:

      GET request:

      wget --auth-no-challenge --http-user=[user] --http-password=[pass] http://[path to Jenkins]/job/[job_name]/buildWithParameters?[params]

      This works OK and triggers the job.

      POST request (note the --post-data option causes wget to use a POST request rather than GET):

      wget --post-data="" --auth-no-challenge --http-user=[user] --http-password=[pass] http://[path to Jenkins]/job/[job_name]/buildWithParameters?[params]

      This results in 403 Forbidden.

      I can't find in the documentation anything that says whether the design is that you should use GET or POST for triggering a request, but the semantics of triggering a job would certainly seem to be one that should be using POST rather than GET (since it definitely does have side effects).

            Unassigned Unassigned
            tjwood Tom Wood
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: