Hi,
We have some html+js hosted in JENKINS/userContent/, and are using the REST
API (mainly jsonp; we are planning to host those pages/scripts on a
dedicated server later) extensively to cumulate/reorganise the
information (both from Jenkins and other systems, like Jira) for
different user groups. They work on a browser session/cookie basis: as
long as the user is logged in to Jenkins and Jira, the scripts
work, and no extra authentication is necessary. So far this solution
works perfectly and helps a lot.
However, since 1.502, Jenkins responds with 403 errors to the jsonp requests,
so the scripts basically do not work anymore.
<html><head><title>Error 403</title></head><body bgcolor="#ffffff">
<h1>Status Code: 403</h1>
Exception: jsonp forbidden; can use -Dhudson.model.Api.INSECURE=true if you run
without security<br>Stacktrace:
<pre>(none)
</pre><br><hr size="1" width="90%">
<i>Generated by Winstone Servlet Engine v0.9.10 at Tue Mar 12 11:12:31 CET
2013</i></body></html>
The JVM parameter suggested in the error message does eliminate the
error, and the scripts work again, but my concern is: does this parameter
make Jenkins access more open than necessary? We ARE using
Jenkins' built-in user database plus Role-Based Strategy, with no anonymous
access (https only).
Is this a security update or some unexpected side effect?
Any suggestion is greatly appreciated.
- jv