Jenkins XSS protection interferes with API access (leads to 403)
Bug #1007261 reported by Paul Sokolovsky
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Linaro Jenkins | Fix Released | Medium | Данило Шеган |
Bug Description
Trying to run the mangle-jobs script with the --really switch (actually write changes back to Jenkins) leads to 403 Forbidden even if the user has admin privs. It does authenticate and allows reading the config, though.
Related branches
lp:~danilo/linaro-android-build-tools/csrf-token
- Paul Sokolovsky: Approve
- Diff: 88 lines (+37/-4), 2 files modified
  - utils/mangle-jobs/ci-tools-checkout.mangle (+9/-0)
  - utils/mangle-jobs/mangle-jobs (+28/-4)
summary:
- API key auth leads to 403 for write changes
+ API key auth leads to 403 for write access
summary:
- API key auth leads to 403 for write access
+ Jenkins XSS protection interferes with API access (leads to 403)
Changed in linaro-jenkins:
milestone: none → 2013.02
assignee: Paul Sokolovsky (pfalcon) → Данило Шеган (danilo)
status: Confirmed → In Progress
Changed in linaro-jenkins:
status: In Progress → Fix Committed
Changed in linaro-jenkins:
status: Fix Committed → Fix Released
Latest info from Deepti is that even using account/password backed by Jenkins user database, there's still 403.