[Qa-jenkins-scm] [jenkins.debian.net] 01/01: apache2: don't rewrite requests for /descriptorByName
Mattia Rizzolo
mattia at debian.org
Sun Dec 10 16:22:51 UTC 2017
This is an automated email from the git hooks/post-receive script.
mattia pushed a commit to branch master
in repository jenkins.debian.net.
commit 0c3b90798c0a05c8369f9a4e513acad3366f15ca
Author: Mattia Rizzolo <mattia at debian.org>
Date: Sun Dec 10 17:19:12 2017 +0100
apache2: don't rewrite requests for /descriptorByName
The credential plugin generates URLs like
https://jenkins.debian.net/descriptorByName/com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl/checkId?value=&$provider=com.cloudbees.plugins.credentials.CredentialsSelectHelper%24SystemContextResolver&$token=jenkins
and the UI just doesn't work (return a 403) if such url is mangled.
This prevents configuring new credentials.
Signed-off-by: Mattia Rizzolo <mattia at debian.org>
---
hosts/jenkins/etc/apache2/sites-available/jenkins.debian.net.conf | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/hosts/jenkins/etc/apache2/sites-available/jenkins.debian.net.conf b/hosts/jenkins/etc/apache2/sites-available/jenkins.debian.net.conf
index 25ac6cf..8b9f3f8 100644
--- a/hosts/jenkins/etc/apache2/sites-available/jenkins.debian.net.conf
+++ b/hosts/jenkins/etc/apache2/sites-available/jenkins.debian.net.conf
@@ -102,9 +102,11 @@ Use common-debian-service-https-redirect www.reproducible-builds.org
AddDefaultCharset utf-8
# allow certain params only from alioth (token is used to trigger builds)
- RewriteCond %{REMOTE_ADDR} !5\.153\.231\.21
# this is git.d.o which is really moszumanska.d.o
# etc/cron.daily/jenkins checks for changes in this IP address, so root will be notified and can adopt this...
+ RewriteCond %{REMOTE_ADDR} !5\.153\.231\.21
+ # This is a path used, for example, by the credential plugin
+ Rewritecond %{REQUEST_URI} !^/descriptorByName/
RewriteCond %{QUERY_STRING} token
RewriteRule ^ - [F]
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/qa/jenkins.debian.net.git
More information about the Qa-jenkins-scm
mailing list