[JENKINS-73422] Add escape hatch for Authenticated user access to Resource URL #9644
core/src/main/java/jenkins/security/ResourceDomainRootAction.java
Co-authored-by: Daniel Beck <[email protected]>
/label ready-for-merge
This PR is now ready for merge. After ~24 hours, we will merge it if there's no negative feedback. Thanks!
…ource URL (jenkinsci#9644) Co-authored-by: Daniel Beck <[email protected]> (cherry picked from commit 5fe9a44)
@Dohbedoh would you be able to verify whether the Thanks!
@kmartens27 you are right. I opened jenkins-infra/jenkins.io#7576
See JENKINS-73422 caused by #8922. Proposing an escape hatch to re-allow access to Resource URL. Many users seem impacted due to clients automatically sending Authorization on redirect. The escape hatch can help transitioning to the correct behavior while still upgrading Jenkins.
Testing done
Unit test.
Proposed changelog entries
Proposed upgrade guidelines
To allow authenticated user to access Resource URL, add the system property jenkins.security.ResourceDomainRootAction.allowAuthenticatedUser=false on startup. This can also be done live by executing the groovy script jenkins.security.ResourceDomainRootAction.ALLOW_AUTHENTICATED_USER = true.
Submitter checklist
Desired reviewers
@daniel-beck
Before the changes are marked as ready-for-merge:
Maintainer checklist