Scriptler using GET in Jenkins2


adam.l...@gmail.com

May 18, 2022, 3:01:41 PM
to Jenkins Users
On Jenkins 1.x we can call scriptlet entries using GET.
On Jenkins 2.x, any GET attempts are being returned with an error that they must be done via POST.

I'm not finding anything in JIRA, but my search could be bad.

Has this functionality changed?

Thank you!

-----

From the documentation:  https://plugins.jenkins.io/scriptler/

REST

Since version 1.7, one can also run a script using GET or POST to the URL /scriptler/run/<your-script-id> with the optional parameters node, script (alternative script text), contentType, and the parameters defined for your stored script.

e.g.

http://myserver/jenkins/scriptler/run/<yourScriptId>?param1=value1



Daniel Beck

May 18, 2022, 3:48:31 PM
to jenkins...@googlegroups.com
On Wed, May 18, 2022 at 9:01 PM adam.l...@gmail.com <adam.l...@gmail.com> wrote:
On Jenkins 1.x we can call scriptlet entries using GET.
On Jenkins 2.x, any GET attempts are being returned with an error that they must be done via POST.

adam.l...@gmail.com

May 18, 2022, 4:02:44 PM
to Jenkins Users
Thank you for that.

But the way I read that is as a warning: subject to CSRF problems, be warned. I don't see any indication that GET has been disabled.

What am I not seeing?

Thank you

Daniel Beck

May 19, 2022, 4:46:53 AM
to jenkins...@googlegroups.com
On Wed, May 18, 2022 at 10:02 PM adam.l...@gmail.com <adam.l...@gmail.com> wrote:
But the way I read that is as a warning: subject to CSRF problems, be warned. I don't see any indication that GET has been disabled.

What am I not seeing?

With publication of the advisory, we suspended distribution of the plugin for a while until the issues were fixed in release 3.0. The fix for this was to require POST, which Jenkins applies CSRF protection to. Advisories are not updated when previously unresolved issues are fixed, so it still says that as of publication, there is no fix.
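
Added example, not part of the thread and not the plugin's own code: a caller that used the documented GET form can be moved to POST by keeping the /scriptler/run/<id> path, sending the parameters as a form body, and attaching the CSRF crumb that Jenkins serves at /crumbIssuer/api/json. The script id, parameter values and crumb below are constructed, and reading parameters from the form body is an assumption about the plugin.

```python
import json
import urllib.parse
import urllib.request

# Constructed sample of the JSON that <jenkins>/crumbIssuer/api/json returns.
SAMPLE_CRUMB_JSON = '{"crumb": "constructed-crumb-value", "crumbRequestField": "Jenkins-Crumb"}'


def legacy_get_to_post(legacy_url, crumb_json):
    """Build the POST equivalent of an old Scriptler GET 'run' URL."""
    parts = urllib.parse.urlsplit(legacy_url)
    if "/scriptler/run/" not in parts.path:
        raise ValueError("not a Scriptler run URL: " + legacy_url)

    # Move the script parameters out of the query string into the form body
    # (assumption: the plugin reads them the same way from either place).
    params = urllib.parse.parse_qsl(parts.query, keep_blank_values=True)
    body = urllib.parse.urlencode(params).encode("ascii")
    url = urllib.parse.urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))

    crumb = json.loads(crumb_json)
    req = urllib.request.Request(url, data=body, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    # The crumb header is what Jenkins' CSRF protection checks on the POST.
    req.add_header(crumb["crumbRequestField"], crumb["crumb"])
    return req


if __name__ == "__main__":
    # Constructed script id and parameter values, in the URL form the docs show.
    old = "http://myserver/jenkins/scriptler/run/myScript?param1=value1&node=agent1"
    req = legacy_get_to_post(old, SAMPLE_CRUMB_JSON)
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    print(req.header_items())
```

The crumb has to be fetched and used in the same authenticated session as the POST; the returned request can be sent with `urllib.request.urlopen` once credentials are added.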

adam.l...@gmail.com

May 20, 2022, 3:06:30 AM
to Jenkins Users
Ah, I see. Thank you.

Hoping I can easily find the way to revert it via the commit history. We're not worried about the security issue, just the functionality.