Ticket #252 (closed defect: fixed)

Opened 4 years ago

Last modified 22 months ago

side-effecty operations (Force Builder) should be POSTs

Reported by: zooko Owned by:
Priority: major Milestone: 0.8.0
Version: 0.7.6 Keywords:
Cc:

Description

Carefully did I configure my apache so that only logged-in, authenticated users could send POST requests.

Shocked was I to learn that buildbot's "Force Build" form is not a POST.

Change History

comment:1 Changed 3 years ago by zooko

I would like to give contributors to allmydata.org Tahoe the ability to force builds on buildbots. However, other folks responsible for the allmydata.org infrastructure don't want unauthenticated users or web crawlers or whatever to be able to force builds. If this buildbot ticket were fixed, then the configuration I have already done on the allmydata.org apache server to allow only logged-in users to send POST requests would allow Tahoe contributors to force builds.

comment:2 Changed 3 years ago by dustin

+1 here.. shouldnt be too hard, right?

comment:3 Changed 3 years ago by zooko

Yeah, shouldn't be too hard. I know Brian doesn't disagree with the principle of the idea.

comment:4 Changed 3 years ago by dustin

  • Milestone changed from undecided to 0.7.+

We all agree it's not too hard .. let's do it :)

comment:5 Changed 22 months ago by marcusl

  • Status changed from new to closed
  • Resolution set to fixed
  • Milestone changed from 0.8.+ to 0.8.0

Seems to be fixed. All forms use method=post except the waterfall config, which is and should be get.

Note: See TracTickets for help on using tickets.