Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-15437

ERR_CONTENT_DECODING_FAILED on Custom Views with Project-based Matrix Authorization

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      I have Jenkins set up with Project-based Matrix Authorization Strategy and have several custom build views.

      If a user attempts to switch to a view that has 1 or more projects that they do not have access to, Chrome brings up an error page with Error 330 (net::ERR_CONTENT_DECODING_FAILED: Unknown Error. Firefox brings up an error page saying "Content Encoding Error".

      Expected behavior would be to show no error and only show projects that the user has access to.

        Attachments

          Activity

          Hide
          jraja joni r added a comment -

          I came across same issue while setting up Project-based Matrix Authorization Strategy -scheme. As a workaround I set job-read permission to all authenticated users at Jenkins level.

          Show
          jraja joni r added a comment - I came across same issue while setting up Project-based Matrix Authorization Strategy -scheme. As a workaround I set job-read permission to all authenticated users at Jenkins level.
          Hide
          kohsuke Kohsuke Kawaguchi added a comment -

          Using wireshark, I see that the problem is because it's sending two sets of headers.

          GET /job/f/groups/newGroup HTTP/1.1
          Host: localhost:8080
          Connection: keep-alive
          Cache-Control: max-age=0
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
          User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.97 Safari/537.22
          Accept-Encoding: gzip,deflate,sdch
          Accept-Language: en-US,en;q=0.8,ja;q=0.6
          Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
          Cookie: screenResolution=2560x1600; JSESSIONID.23b85107=8ea7deb23efb25dda41e3d0e12af2421; screenResolution=2560x1600; JSESSIONID.f93f7440=b6bc70d2d3f01b2ce13240ea6cd4da2f
          
          HTTP/1.1 403 Forbidden
          Server: Winstone Servlet Engine v0.9.10
          Content-Encoding: gzip
          Expires: 0
          Cache-Control: no-cache,must-revalidate
          X-Hudson-Theme: default
          Content-Type: text/html;charset=UTF-8
          X-Hudson: 1.395
          X-Jenkins: 1.509.1.1-SNAPSHOT (Jenkins Enterprise by CloudBees 12.11)
          X-Jenkins-Session: a186bd6f
          X-Hudson-CLI-Port: 57208
          X-Jenkins-CLI-Port: 57208
          X-Jenkins-CLI2-Port: 57208
          X-SSH-Endpoint: localhost:55570
          X-Instance-Identity: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnax9jJCeLEPg+yo3IgtSWGaaIxNFgBySsS96Rs91ra2HPjqNBODcgMSLhc0iJEV48XSJvi4XbFw8rZifMYih+5TgqBxYbcaWBMyrGcj3bYve3CaJKnmKOa9OYTQbaP6smL04ao7VlH6HjKrX9yqSKzfUfEmB5tJLTZyg/iqRgOizubNTyR9vFmtiGSivTeramK4AmIZB4zZ4DaylR6vY6FOjf9XIg/s2hpvxat/Jr2IuB+7fvUILP5E/t/Lwqs/MhFml33vUuAIqSk9B+QyJ4mGT14TRry1vMQvsn2RaYBB4m8DVbWpIccQLzBlaTw+1l3knh/VvGBguoCjx4KFGgwIDAQAB
          Content-Encoding: gzip
          Expires: 0
          Cache-Control: no-cache,must-revalidate
          X-Hudson-Theme: default
          X-Hudson: 1.395
          X-Jenkins: 1.509.1.1-SNAPSHOT (Jenkins Enterprise by CloudBees 12.11)
          X-Jenkins-Session: a186bd6f
          X-Hudson-CLI-Port: 57208
          X-Jenkins-CLI-Port: 57208
          X-Jenkins-CLI2-Port: 57208
          X-SSH-Endpoint: localhost:55570
          X-Instance-Identity: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnax9jJCeLEPg+yo3IgtSWGaaIxNFgBySsS96Rs91ra2HPjqNBODcgMSLhc0iJEV48XSJvi4XbFw8rZifMYih+5TgqBxYbcaWBMyrGcj3bYve3CaJKnmKOa9OYTQbaP6smL04ao7VlH6HjKrX9yqSKzfUfEmB5tJLTZyg/iqRgOizubNTyR9vFmtiGSivTeramK4AmIZB4zZ4DaylR6vY6FOjf9XIg/s2hpvxat/Jr2IuB+7fvUILP5E/t/Lwqs/MhFml33vUuAIqSk9B+QyJ4mGT14TRry1vMQvsn2RaYBB4m8DVbWpIccQLzBlaTw+1l3knh/VvGBguoCjx4KFGgwIDAQAB
          Content-Length: 2203
          Connection: Keep-Alive
          Date: Fri, 21 Jun 2013 21:12:10 GMT
          X-Powered-By: Servlet/2.5 (Winstone/0.9.10)
          
          .... gzip encoded content follows ....
          

          The gzipped content itself appears OK, as I was able to gunzip it just fine. I think it is the fact that there are two Content-Encoding header that's breaking the browser.

          Show
          kohsuke Kohsuke Kawaguchi added a comment - Using wireshark, I see that the problem is because it's sending two sets of headers. GET /job/f/groups/newGroup HTTP/1.1 Host: localhost:8080 Connection: keep-alive Cache-Control: max-age=0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.97 Safari/537.22 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8,ja;q=0.6 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: screenResolution=2560x1600; JSESSIONID.23b85107=8ea7deb23efb25dda41e3d0e12af2421; screenResolution=2560x1600; JSESSIONID.f93f7440=b6bc70d2d3f01b2ce13240ea6cd4da2f HTTP/1.1 403 Forbidden Server: Winstone Servlet Engine v0.9.10 Content-Encoding: gzip Expires: 0 Cache-Control: no-cache,must-revalidate X-Hudson-Theme: default Content-Type: text/html;charset=UTF-8 X-Hudson: 1.395 X-Jenkins: 1.509.1.1-SNAPSHOT (Jenkins Enterprise by CloudBees 12.11) X-Jenkins-Session: a186bd6f X-Hudson-CLI-Port: 57208 X-Jenkins-CLI-Port: 57208 X-Jenkins-CLI2-Port: 57208 X-SSH-Endpoint: localhost:55570 X-Instance-Identity: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnax9jJCeLEPg+yo3IgtSWGaaIxNFgBySsS96Rs91ra2HPjqNBODcgMSLhc0iJEV48XSJvi4XbFw8rZifMYih+5TgqBxYbcaWBMyrGcj3bYve3CaJKnmKOa9OYTQbaP6smL04ao7VlH6HjKrX9yqSKzfUfEmB5tJLTZyg/iqRgOizubNTyR9vFmtiGSivTeramK4AmIZB4zZ4DaylR6vY6FOjf9XIg/s2hpvxat/Jr2IuB+7fvUILP5E/t/Lwqs/MhFml33vUuAIqSk9B+QyJ4mGT14TRry1vMQvsn2RaYBB4m8DVbWpIccQLzBlaTw+1l3knh/VvGBguoCjx4KFGgwIDAQAB Content-Encoding: gzip Expires: 0 Cache-Control: no-cache,must-revalidate X-Hudson-Theme: default X-Hudson: 1.395 X-Jenkins: 1.509.1.1-SNAPSHOT (Jenkins Enterprise by CloudBees 12.11) X-Jenkins-Session: a186bd6f X-Hudson-CLI-Port: 57208 X-Jenkins-CLI-Port: 57208 X-Jenkins-CLI2-Port: 57208 X-SSH-Endpoint: localhost:55570 X-Instance-Identity: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnax9jJCeLEPg+yo3IgtSWGaaIxNFgBySsS96Rs91ra2HPjqNBODcgMSLhc0iJEV48XSJvi4XbFw8rZifMYih+5TgqBxYbcaWBMyrGcj3bYve3CaJKnmKOa9OYTQbaP6smL04ao7VlH6HjKrX9yqSKzfUfEmB5tJLTZyg/iqRgOizubNTyR9vFmtiGSivTeramK4AmIZB4zZ4DaylR6vY6FOjf9XIg/s2hpvxat/Jr2IuB+7fvUILP5E/t/Lwqs/MhFml33vUuAIqSk9B+QyJ4mGT14TRry1vMQvsn2RaYBB4m8DVbWpIccQLzBlaTw+1l3knh/VvGBguoCjx4KFGgwIDAQAB Content-Length: 2203 Connection: Keep-Alive Date: Fri, 21 Jun 2013 21:12:10 GMT X-Powered-By: Servlet/2.5 (Winstone/0.9.10) .... gzip encoded content follows .... The gzipped content itself appears OK, as I was able to gunzip it just fine. I think it is the fact that there are two Content-Encoding header that's breaking the browser.
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          changelog.html
          core/pom.xml
          core/src/main/java/hudson/security/AccessDeniedHandlerImpl.java
          core/src/main/resources/lib/layout/layout.jelly
          http://jenkins-ci.org/commit/jenkins/d3575548bbd39acdbc0f73533f9078d59828b428
          Log:
          [FIXED JENKINS-15437]

          The exception handler ended up adding almost all the headers again,
          resulting in a lot of duplicate headers.

          Most critically, stapler was adding "Content-Encoding" header twice,
          breaking browsers.

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: changelog.html core/pom.xml core/src/main/java/hudson/security/AccessDeniedHandlerImpl.java core/src/main/resources/lib/layout/layout.jelly http://jenkins-ci.org/commit/jenkins/d3575548bbd39acdbc0f73533f9078d59828b428 Log: [FIXED JENKINS-15437] The exception handler ended up adding almost all the headers again, resulting in a lot of duplicate headers. Most critically, stapler was adding "Content-Encoding" header twice, breaking browsers.
          Hide
          dogfood dogfood added a comment -

          Integrated in jenkins_main_trunk #2655
          [FIXED JENKINS-15437] (Revision d3575548bbd39acdbc0f73533f9078d59828b428)

          Result = SUCCESS
          kohsuke : d3575548bbd39acdbc0f73533f9078d59828b428
          Files :

          • changelog.html
          • core/src/main/java/hudson/security/AccessDeniedHandlerImpl.java
          • core/src/main/resources/lib/layout/layout.jelly
          • core/pom.xml
          Show
          dogfood dogfood added a comment - Integrated in jenkins_main_trunk #2655 [FIXED JENKINS-15437] (Revision d3575548bbd39acdbc0f73533f9078d59828b428) Result = SUCCESS kohsuke : d3575548bbd39acdbc0f73533f9078d59828b428 Files : changelog.html core/src/main/java/hudson/security/AccessDeniedHandlerImpl.java core/src/main/resources/lib/layout/layout.jelly core/pom.xml
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          core/src/main/java/hudson/security/AccessDeniedHandlerImpl.java
          core/src/main/resources/lib/layout/layout.jelly
          http://jenkins-ci.org/commit/jenkins/af59db06f0eba2674fc8338d3ba18335541eae32
          Log:
          [FIXED JENKINS-15437]

          The exception handler ended up adding almost all the headers again,
          resulting in a lot of duplicate headers.

          Most critically, stapler was adding "Content-Encoding" header twice,
          breaking browsers.

          (cherry picked from commit d3575548bbd39acdbc0f73533f9078d59828b428)

          Conflicts:
          changelog.html
          core/pom.xml

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: core/src/main/java/hudson/security/AccessDeniedHandlerImpl.java core/src/main/resources/lib/layout/layout.jelly http://jenkins-ci.org/commit/jenkins/af59db06f0eba2674fc8338d3ba18335541eae32 Log: [FIXED JENKINS-15437] The exception handler ended up adding almost all the headers again, resulting in a lot of duplicate headers. Most critically, stapler was adding "Content-Encoding" header twice, breaking browsers. (cherry picked from commit d3575548bbd39acdbc0f73533f9078d59828b428) Conflicts: changelog.html core/pom.xml

            People

            • Assignee:
              kohsuke Kohsuke Kawaguchi
              Reporter:
              glimberg Grant Limberg
            • Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: