|
||||||||
|
This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira |
||||||||
- [JIRA] (JENKINS-14223) accessing Jenkins ... di...@fast.au.fujitsu.com (JIRA)
- [JIRA] (JENKINS-14223) accessing Jen... brenu...@java.net (JIRA)
- [JIRA] (JENKINS-14223) accessing Jen... di...@fast.au.fujitsu.com (JIRA)
- [JIRA] (JENKINS-14223) accessing Jen... ohtake_tomoh...@java.net (JIRA)
- [JIRA] (JENKINS-14223) accessing Jen... brenu...@java.net (JIRA)
- [JIRA] (JENKINS-14223) accessing Jen... k...@kohsuke.org (JIRA)
- [JIRA] (JENKINS-14223) accessing Jen... k...@kohsuke.org (JIRA)
- [JIRA] (JENKINS-14223) accessing Jen... brenu...@java.net (JIRA)
- [JIRA] (JENKINS-14223) accessing Jen... brenu...@java.net (JIRA)
- [JIRA] (JENKINS-14223) accessing Jen... di...@fast.au.fujitsu.com (JIRA)
I suppose one way to resolve this is to always load those scripts from HTTPS. That would work for usage statistics hit, but we don't want that for update center, as we rely on our mirrors to serve most of the traffic, and mirrors don't serve bits through HTTPS. It has gotten its own integrity check via signing, so this is no less secure than HTTPS.
I think you'll have to set the Jenkins URL to the URL that users would access Jenkins with, which is HTTPS in this case. Without this all sorts of other things, such as e-mail notifications, would break.
So I'm going to close this as WONTFIX. We even issue a warning in the configuration screen when the Jenkins URL is set to localhost to call attention to this.