Rodney Stanton created JENKINS-13636: ----------------------------------------
Summary: notifyCommit method requires cookie, even when anonymous has build permission in ACL Key: JENKINS-13636 URL: https://issues.jenkins-ci.org/browse/JENKINS-13636 Project: Jenkins Issue Type: Bug Components: mercurial, security Affects Versions: current Environment: linux Reporter: Rodney Stanton Assignee: Kohsuke Kawaguchi When using "Enable Security" and Mercurial, the notifyCommit method fails even when anonymous has build permissions. The difference appears to be in the cookies. Failed case: GET /mercurial/notifyCommit?url=ssh://<redacted>/sandbox HTTP/1.1 User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: <redacted>:8080 Accept: */* HTTP/1.1 200 OK Server: Winstone Servlet Engine v0.9.10 Content-Type: text/plain;charset=ISO-8859-1 Connection: Close Date: Fri, 27 Apr 2012 17:37:29 GMT X-Powered-By: Servlet/2.5 (Winstone/0.9.10) Set-Cookie: JSESSIONID.79b17db3=3480193c16b0d5371437749c981fa1be; Path=/; HttpOnly No mercurial jobs found SUCCESS: GET /mercurial/notifyCommit?url=ssh://<redacted>/sandbox HTTP/1.1 Host: <redacted>:8080 User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:11.0) Gecko/20100101 Firefox/11.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.7,ja;q=0.3 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Cookie: __utma=142065709.672751542.1326231118.1326319384.1331761724.3; __utmz=142065709.1331761724.3.2.utmcsr=t.co|utmccn=(referral)|utmcmd=referral|utmcct=/M7DYDoPx; _mkto_trk=id:364-BLA-665&token:_mch-<redacted>-1326231118044-34632; iconSize=16x16; ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE=cnN0YW50b246MTMzNjQzMTg4NTIyOTpjN2U0ZTI4MGNiMGNkNTk2YTk0MmEwNjlkMDZkNDI5ZQ==; JSESSIONID.52356e8f=637ee763053a1b7d5ff29fd9a54088df; screenResolution=1920x1080 Cache-Control: max-age=0 HTTP/1.1 200 OK Server: Winstone Servlet Engine v0.9.10 Content-Type: text/plain;charset=ISO-8859-1 Triggered: http://<redacted>/job/testjob/ Connection: Close Date: Fri, 27 Apr 2012 17:36:04 GMT X-Powered-By: Servlet/2.5 (Winstone/0.9.10) Set-Cookie: JSESSIONID.79b17db3=68d15f2b379727128525f7f3933eae27; Path=/; HttpOnly -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira