Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-16918

@RequirePOST and similar should send a 405

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      When a GET request is sent to a resource which (generally for security reasons) requires POST, an appropriate response code should be sent, so that clients such as python-jenkins may properly report the error.

      • Most such web methods use @RequirePOST, for which currently a 500 is sent because org.kohsuke.stapler.interceptor.RequirePOST$Processor simply throws IllegalAccessException.
      • Build-like requests use BuildAuthorizationToken which forwards to requirePOST.jelly with a 200, which is no good. (If a token is supplied but is incorrect, it more reasonably sends a 403, via AccessDeniedException.)

      Both cases should probably send a 405 ("Method Not Allowed") with Allow: POST, though a 403 would not be inappropriate for the latter case since under some circumstances GET is still allowed for compatibility.

        Attachments

          Issue Links

            Activity

            Hide
            jglick Jesse Glick added a comment -

            First part should be solved when Stapler 1.215 is integrated.

            Show
            jglick Jesse Glick added a comment - First part should be solved when Stapler 1.215 is integrated.
            Hide
            jglick Jesse Glick added a comment -

            Stapler 1.217 integrated and includes fix for the first part. (Forgot to include Allow: POST; 1.218 should do that.)

            Show
            jglick Jesse Glick added a comment - Stapler 1.217 integrated and includes fix for the first part. (Forgot to include Allow: POST ; 1.218 should do that.)
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            changelog.html
            core/src/main/java/hudson/model/BuildAuthorizationToken.java
            test/src/test/java/jenkins/model/JenkinsTest.java
            http://jenkins-ci.org/commit/jenkins/ec9d809ddd2ed6930d1bf970999b152c5debdaa4
            Log:
            [FIXED JENKINS-16918] Use HTTP 405 when POST is required.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: changelog.html core/src/main/java/hudson/model/BuildAuthorizationToken.java test/src/test/java/jenkins/model/JenkinsTest.java http://jenkins-ci.org/commit/jenkins/ec9d809ddd2ed6930d1bf970999b152c5debdaa4 Log: [FIXED JENKINS-16918] Use HTTP 405 when POST is required.
            Hide
            dogfood dogfood added a comment -

            Integrated in jenkins_main_trunk #2797
            [FIXED JENKINS-16918] Use HTTP 405 when POST is required. (Revision ec9d809ddd2ed6930d1bf970999b152c5debdaa4)

            Result = SUCCESS
            Jesse Glick : ec9d809ddd2ed6930d1bf970999b152c5debdaa4
            Files :

            • test/src/test/java/jenkins/model/JenkinsTest.java
            • core/src/main/java/hudson/model/BuildAuthorizationToken.java
            • changelog.html
            Show
            dogfood dogfood added a comment - Integrated in jenkins_main_trunk #2797 [FIXED JENKINS-16918] Use HTTP 405 when POST is required. (Revision ec9d809ddd2ed6930d1bf970999b152c5debdaa4) Result = SUCCESS Jesse Glick : ec9d809ddd2ed6930d1bf970999b152c5debdaa4 Files : test/src/test/java/jenkins/model/JenkinsTest.java core/src/main/java/hudson/model/BuildAuthorizationToken.java changelog.html
            Hide
            zfil Philippe Jandot added a comment -

            stapler 1.217 cause JENKINS-19281 could you please check it ?

            Show
            zfil Philippe Jandot added a comment - stapler 1.217 cause JENKINS-19281 could you please check it ?
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            core/src/main/java/hudson/model/BuildAuthorizationToken.java
            test/src/test/java/jenkins/model/JenkinsTest.java
            http://jenkins-ci.org/commit/jenkins/d7e370236249a05a01fcb929da8593eac4cc4340
            Log:
            [FIXED JENKINS-16918] Use HTTP 405 when POST is required.

            (cherry picked from commit ec9d809ddd2ed6930d1bf970999b152c5debdaa4)

            Conflicts:
            changelog.html

            Compare: https://github.com/jenkinsci/jenkins/compare/3f460f0b6f07...d7e370236249

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: core/src/main/java/hudson/model/BuildAuthorizationToken.java test/src/test/java/jenkins/model/JenkinsTest.java http://jenkins-ci.org/commit/jenkins/d7e370236249a05a01fcb929da8593eac4cc4340 Log: [FIXED JENKINS-16918] Use HTTP 405 when POST is required. (cherry picked from commit ec9d809ddd2ed6930d1bf970999b152c5debdaa4) Conflicts: changelog.html Compare: https://github.com/jenkinsci/jenkins/compare/3f460f0b6f07...d7e370236249

              People

              • Assignee:
                jglick Jesse Glick
                Reporter:
                jglick Jesse Glick
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: