Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-53409

Redirect after destructive Remote Access API action is hardcoded to http



    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Minor
    • Resolution: Unresolved
    • Component/s: core
    • Labels:
    • Environment:
    • Similar Issues:


      When using the job/xxx/doDelete API, the redirect after successfully deleting the job to the root is hardcoded to use http, regardless of the root url set in the configuration.

      The issue was first discovered by a colleague of mine, and confirmed by me as affecting both the URL in the Location header in the 302 response of a successful destructive action, and the URL displayed when attempting to GET the same API URL in the browser.

      Because this is a largely cosmetic bug, it's not urgent, and we've monkey patched the client library we're using to rewrite obviously malformed URLs to https (we control both client and server, it only speaks https).


      Specific steps to reproduce in browser:

      1. Open jenkins configured with a https root URL
      2. Click on a job
      3. append /doDelete to the URL in the URL bar
      4. the reported "URL being accessed:" is prefixed with http instead of https

      Specific steps to reproduce in API:

      1. Open jenkins configured with a https root URL
      2. Send a POST to https://example.com:port/jenkins/job/jobname/doDelete
      3. the Location header in the 302 response will be http instead of https



          There are no comments yet on this issue.


            • Assignee:
              steven_cogito Steven Karas
            • Votes:
              0 Vote for this issue
              1 Start watching this issue


              • Created: