Remote access API issue on ci.jenkins.io #3042
Comments
This behavior is intentional to avoid abusing bots as this is a public instance. It is blocked at Apache level as per the following configuration: https://github.com/jenkins-infra/jenkins-infra/blob/dba2e7e5f4717e15936da84724651fc284851b51/dist/profile/manifests/jenkinscontroller.pp#L378-L385
The issue was 5 years ago, possibly we can just try unblocking it? #965 Otherwise if shields.io authenticates that would also fix it
It can on self hosted instances: https://contributing.shields.io/tutorial-server-secrets.html
AFAIU by discussing it with @dduportal this morning, these @jenkins-infra/security WDYT? Should these paths remain blocked or is Jenkins not vulnerable anymore on these paths?
Can you block the
Yes, that should be doable at Apache level I guess. But what would be the use cases? Asking because to be worth the risk (in terms of performance, security, maintenance pain), I vote for being able to underline the use cases. For shields.io, the solution of a self hosted instance, allowed to reach the Jenkins instance directly is being raised: #3044.
Service(s)
ci.jenkins.io
Summary
As noted by @jetersen in #3013, .../api/json paths on ci.jenkins.io return empty JSON, while it's working on the other instances (infra.ci.jenkins.io, weekly.ci.jenkins.io, ...)
Reproduction steps
Go to https://ci.jenkins.io/job/Infra/job/plugin-site/job/master/api/json for example