Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-53409

Redirect after destructive Remote Access API action is hardcoded to http

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Minor
    • Resolution: Unresolved
    • Component/s: core
    • Labels:
    • Environment:
    • Similar Issues:

      Description

      When using the job/xxx/doDelete API, the redirect after successfully deleting the job to the root is hardcoded to use http, regardless of the root url set in the configuration.

      The issue was first discovered by a colleague of mine, and confirmed by me as affecting both the URL in the Location header in the 302 response of a successful destructive action, and the URL displayed when attempting to GET the same API URL in the browser.

      Because this is a largely cosmetic bug, it's not urgent, and we've monkey patched the client library we're using to rewrite obviously malformed URLs to https (we control both client and server, it only speaks https).

       

      Specific steps to reproduce in browser:

      1. Open jenkins configured with a https root URL
      2. Click on a job
      3. append /doDelete to the URL in the URL bar
      4. the reported "URL being accessed:" is prefixed with http instead of https

      Specific steps to reproduce in API:

      1. Open jenkins configured with a https root URL
      2. Send a POST to https://example.com:port/jenkins/job/jobname/doDelete
      3. the Location header in the 302 response will be http instead of https

        Attachments

          Activity

          There are no comments yet on this issue.

            People

            • Assignee:
              Unassigned
              Reporter:
              steven_cogito Steven Karas
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: