Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-31068

The reverse proxy monitor doesn't verify anymore if org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true on Tomcat

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      When deployed under Tomcat, Jenkins requires to have this option set :

      -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true
      

      This is a known issue/limitation/prerequisite like described in:

      The reverse proxy monitor was verifying this originally ( info confirmed by Jesse Glick ) :
      https://github.com/jenkinsci/jenkins/commit/724f9e0dfc2011d4c12e867bd85bc3f32c2b0513 (1.552)

      But it was lost in this commit: https://github.com/jenkinsci/jenkins/commit/cffe9df0176b0ff895554ce7f2ea4d2f20062351 (1.572)

      I'm not sure that all these controls should be in the same monitor but for sure the test must be done.

      Maybe:

      • to be re-added in the reverse proxy monitor to verify when the problem comes from the reverse proxy.
      • to be re- added as a specific Monitor for Tomcat because if org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH isn't set it will break some Jenkins features (400 HTTP Error - Bad Request with AJAX calls inside Folders for example, ...) even if there is no reverse proxy configured.

        Attachments

          Issue Links

            Activity

            Hide
            danielbeck Daniel Beck added a comment -

            to be re- added as a specific Monitor for Tomcat because if org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH isn't set it will break some Jenkins features (400 HTTP Error - Bad Request with AJAX calls inside Folders for example, ...) even if there is no reverse proxy configured.

            Not only Tomcat, Apache (reverse proxy) also screws up slashes.

            Show
            danielbeck Daniel Beck added a comment - to be re- added as a specific Monitor for Tomcat because if org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH isn't set it will break some Jenkins features (400 HTTP Error - Bad Request with AJAX calls inside Folders for example, ...) even if there is no reverse proxy configured. Not only Tomcat, Apache (reverse proxy) also screws up slashes.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Josiah Haswell
            Path:
            core/src/main/resources/hudson/diagnosis/ReverseProxySetupMonitor/message.jelly
            http://jenkins-ci.org/commit/jenkins/33799df36cbf2f5e0c5d0ac8372ff761e82c3784
            Log:
            [FIXED JENKINS-31068] Monitor does not detect when Tomcat URL encoding parameter rejects forward slashes in URL (#2977)

            • backing out changes--they don't fully work
            • Saving progress so that I can revert to an earlier version for tests
            • So, pretty exhaustive testing yields that these modifications have the same behavior as the previous versions
            • [FIX JENKINS-31068] Adding wiki reference to error message. Adding trailing slash to URL
            • [FIX JENKINS-31068] It looks like different versions of Tomcat and Apache HTTP handle this case differently. Really, the best we can do is check to see if the test method was not hit and passed correctly--if we hit it, we get more information on the configuration error. If we don't, we just refer them to a general wiki page
            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Josiah Haswell Path: core/src/main/resources/hudson/diagnosis/ReverseProxySetupMonitor/message.jelly http://jenkins-ci.org/commit/jenkins/33799df36cbf2f5e0c5d0ac8372ff761e82c3784 Log: [FIXED JENKINS-31068] Monitor does not detect when Tomcat URL encoding parameter rejects forward slashes in URL (#2977) Fixing JENKINS-31068 backing out changes--they don't fully work Saving progress so that I can revert to an earlier version for tests So, pretty exhaustive testing yields that these modifications have the same behavior as the previous versions [FIX JENKINS-31068] Adding wiki reference to error message. Adding trailing slash to URL [FIX JENKINS-31068] It looks like different versions of Tomcat and Apache HTTP handle this case differently. Really, the best we can do is check to see if the test method was not hit and passed correctly--if we hit it, we get more information on the configuration error. If we don't, we just refer them to a general wiki page
            Hide
            recampbell Ryan Campbell added a comment -

            Released in jenkins-2.77

            Show
            recampbell Ryan Campbell added a comment - Released in jenkins-2.77

              People

              • Assignee:
                jhaswell Josiah Haswell
                Reporter:
                aheritier Arnaud Héritier
              • Votes:
                1 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: