[JIRA] (JENKINS-59514) Use @POST instead of @RequirePOST for form submission endpoints

dbeck@cloudbees.com (JIRA)

Sep 24, 2019, 12:53:02 PM
to jenkinsc...@googlegroups.com
Daniel Beck created an issue
 
Jenkins / Bug JENKINS-59514
Use @POST instead of @RequirePOST for form submission endpoints
Issue Type: Bug
Assignee: Daniel Beck
Components: core
Created: 2019-09-24 16:52
Labels: robustness
Priority: Minor
Reporter: Daniel Beck

Jenkins should not allow "attempt with POST" resubmissions of GET requests to form submission endpoints. They usually expect a form (getSubmittedForm / structured form submission), with unexpected results when submission without a form is attempted (typically an exception stack trace, but who knows…)

This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)

dbeck@cloudbees.com (JIRA)

Oct 7, 2019, 4:11:08 AM
to jenkinsc...@googlegroups.com
Daniel Beck closed an issue as Fixed
Change By: Daniel Beck
Status: Open → Closed
Resolution: Fixed
Released As: jenkins-2.198

jimklimov@gmail.com (JIRA)

Oct 7, 2019, 8:35:04 AM
to jenkinsc...@googlegroups.com
Jim Klimov commented on Bug JENKINS-59514
 
Re: Use @POST instead of @RequirePOST for form submission endpoints

As long as this does not block "form"al resubmission suggestions for GET URLs, like below, this is LGTM

````
This URL requires POST

The URL you're trying to access requires that requests be sent using POST (like a form submission).
The button below allows you to retry accessing this URL using POST. URL being accessed:

https://jenkins.domain/quietDown

If you were sent here from an untrusted source, please proceed with caution.
````

With a 2.198 weekly running, this seems to still work.

dbeck@cloudbees.com (JIRA)

Oct 7, 2019, 8:39:02 AM
to jenkinsc...@googlegroups.com

This change is only about endpoints that inherently cannot support this kind of use.

dbeck@cloudbees.com (JIRA)

Oct 7, 2019, 8:40:02 AM
to jenkinsc...@googlegroups.com

Specifically, any URL that server-side then calls StaplerRequest#getSubmittedForm.
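
An added example, not part of the thread or of Jenkins itself: a small text-based audit that lists `doXxx` web methods annotated with `@RequirePOST` whose body calls `getSubmittedForm`, the combination this issue is about. The Java sample is constructed for the demonstration, and the scan is a heuristic that assumes the annotation sits directly on a `doXxx` method.

```python
import re

# Constructed sample source (not Jenkins core code): three Stapler web methods.
SAMPLE = '''
public class ExampleAction {
    @RequirePOST
    public void doConfigSubmit(StaplerRequest req) throws ServletException {
        JSONObject form = req.getSubmittedForm();
        if (form.has("name")) { this.name = form.getString("name"); }
    }
    @RequirePOST
    public void doQuietDown(StaplerResponse rsp) throws IOException {
        rsp.sendRedirect("..");
    }
    @POST
    public void doSave(StaplerRequest req) throws ServletException {
        JSONObject form = req.getSubmittedForm();
    }
}
'''

WEB_METHOD = re.compile(r"\b(do[A-Z]\w*)\s*\(")

def method_body(source, open_brace):
    """Return the text between the brace at open_brace and its match.
    Heuristic: braces inside string literals or comments are not skipped."""
    depth = 0
    for i in range(open_brace, len(source)):
        if source[i] == "{":
            depth += 1
        elif source[i] == "}":
            depth -= 1
            if depth == 0:
                return source[open_brace + 1:i]
    return source[open_brace + 1:]  # unbalanced input: take the rest

def requirepost_form_handlers(source):
    """Names of doXxx methods that carry @RequirePOST and read a submitted form."""
    flagged = []
    for ann in re.finditer(r"@RequirePOST\b", source):
        brace = source.find("{", ann.end())
        if brace == -1:
            continue
        # The method header lies between the annotation and the opening brace.
        name = WEB_METHOD.search(source, ann.end(), brace)
        if name and "getSubmittedForm" in method_body(source, brace):
            flagged.append(name.group(1))
    return flagged
```

On the sample, only `doConfigSubmit` is reported: `doQuietDown` takes no form, and `doSave` already uses `@POST`.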

dbeck@cloudbees.com (JIRA)

Oct 12, 2019, 2:16:02 PM
to jenkinsc...@googlegroups.com
Daniel Beck updated an issue
 
Change By: Daniel Beck
Labels: lts-candidate robustness

ogondza@gmail.com (JIRA)

Nov 3, 2019, 9:37:03 AM
to jenkinsc...@googlegroups.com
Oliver Gondža updated an issue
Change By: Oliver Gondža
Labels: lts-candidate → 2.190.3-fixed, robustness