Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-16918

@RequirePOST and similar should send a 405

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Component/s: core
    • Labels:
    • Similar Issues:

      Description

      When a GET request is sent to a resource which (generally for security reasons) requires POST, an appropriate response code should be sent, so that clients such as python-jenkins may properly report the error.

      • Most such web methods use @RequirePOST, for which currently a 500 is sent because org.kohsuke.stapler.interceptor.RequirePOST$Processor simply throws IllegalAccessException.
      • Build-like requests use BuildAuthorizationToken which forwards to requirePOST.jelly with a 200, which is no good. (If a token is supplied but is incorrect, it more reasonably sends a 403, via AccessDeniedException.)

      Both cases should probably send a 405 ("Method Not Allowed") with Allow: POST, though a 403 would not be inappropriate for the latter case since under some circumstances GET is still allowed for compatibility.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                jglick Jesse Glick
                Reporter:
                jglick Jesse Glick
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: