Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-16936

Extension point for secure users of Api

    Details

    • Similar Issues:

      Description

      As a security fix, hudson.model.Api no longer permits the jsonp parameter, or xpath with a primitive result set. This is the safest policy but in certain cases it is useful to whitelist particular requesters known to be harmless. The INSECURE system property should be deprecated or deleted and an extension point introduced so various policies can be added by plugins: whitelists based on host name, requests with no Referer, etc.

        Attachments

          Issue Links

            Activity

            jglick Jesse Glick created issue -
            jglick Jesse Glick made changes -
            Field Original Value New Value
            Link This issue is blocking SECURITY-47 [ SECURITY-47 ]
            recampbell Ryan Campbell made changes -
            Assignee recampbell [ recampbell ]
            jglick Jesse Glick made changes -
            Labels security 1.480.4-candidate security
            jglick Jesse Glick made changes -
            Link This issue is related to JENKINS-17005 [ JENKINS-17005 ]
            jglick Jesse Glick made changes -
            Labels 1.480.4-candidate security lts-candidate security
            jglick Jesse Glick made changes -
            Assignee recampbell [ recampbell ] Jesse Glick [ jglick ]
            jglick Jesse Glick made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            scm_issue_link SCM/JIRA link daemon made changes -
            Status In Progress [ 3 ] Resolved [ 5 ]
            Resolution Fixed [ 1 ]
            olivergondza Oliver Gond┼ża made changes -
            Labels lts-candidate security 1.532.2-fixed security
            rtyler R. Tyler Croy made changes -
            Workflow JNJira [ 147766 ] JNJira + In-Review [ 192574 ]

              People

              • Assignee:
                jglick Jesse Glick
                Reporter:
                jglick Jesse Glick
              • Votes:
                0 Vote for this issue
                Watchers:
                9 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: