Create Admin Monitor for disabled CSRF protection

      Description

      Currently there is no admin monitor for CSRF protection. It is rather a bug than a feature.

      Acceptance criteria:

      • If CSRF is disabled on the instance, an admin gets an administrative warning
      • There is a functional test which checks the case

       

       

          Activity

          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          content/redirect/csrf-protection.adoc
          http://jenkins-ci.org/commit/jenkins.io/05e78b648dd213ecb31c532ae6bdef1e885191d3
          Log:
          JENKINS-47372 - Add CSRF Protection Page redirect

          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Wadeck Follonier
          Path:
          core/src/main/java/jenkins/security/csrf/CSRFAdministrativeMonitor.java
          core/src/main/resources/jenkins/security/csrf/CSRFAdministrativeMonitor/message.jelly
          core/src/main/resources/jenkins/security/csrf/CSRFAdministrativeMonitor/message.properties
          core/src/main/resources/jenkins/security/csrf/Messages.properties
          test/src/test/java/jenkins/security/csrf/CSRFAdministrativeMonitorTest.java
          http://jenkins-ci.org/commit/jenkins/02b8e7f3563ac5c758e5829949533ff47bc81e65
          Log:
          JENKINS-47372 Add a new Administrative monitor for CSRF-protection (#3072)

          • JENKINS-47372 add administrative monitor when there is no CSRF issuer configured
          • - add line breaks
          • - add license header
          • put link in the properties instead of the previous mix
          • remove @author
          • simplify isActivated body
          • - correct line breaks
          recampbell Ryan Campbell added a comment -

          Merged towards jenkins-2.85


            People

            • Assignee: Wadeck Follonier (wfollonier)
            • Reporter: Oleg Nenashev (oleg_nenashev)