0

I'm running a Jenkins server behind an Apache Proxy.

I'm using Chrome as my browser

Now in a couple of places I have javascript code that looks like this.

console.log("Looking for " + log_url)
$.ajax({
    url: log_url,
    dataType: "xml"
})
.done(function(xml) {
    console.log("FOUND " + log_url);
})

(with something more interesting going on in the "done" section of course)

Now, in one place it works fine, that's when it's in a javascript file in jenkins userContent (a folder where you can put files you want jenkins to serve up via HTML) which is loaded from HTML on a jenkins generated page.

Looking at the headers I see

Request URL:http://myserver.com/jenkins/job/WPF-TryBuild/1190/artifact/Win32_Debug_build_log.xml
Request Method:GET
Status Code:200 OK
Remote Address:82.39.249.244:80
Response Headers
view parsed
HTTP/1.1 200 OK
Date: Mon, 31 Oct 2016 12:35:58 GMT
Server: Jetty(9.2.z-SNAPSHOT)
X-Content-Type-Options: nosniff
Content-Security-Policy: sandbox allow-scripts; default-src 'self'; script-src 'self' https://ajax.googleapis.com;
X-WebKit-CSP: sandbox allow-scripts; default-src 'self'; script-src 'self' https://ajax.googleapis.com;
X-Content-Security-Policy: sandbox allow-scripts; default-src 'self'; script-src 'self' https://ajax.googleapis.com;
Last-Modified: Mon, 31 Oct 2016 10:40:11 GMT
Expires: Mon, 31 Oct 2016 10:40:11 GMT
Accept-Ranges: bytes
Content-Type: application/xml
Content-Encoding: gzip
Access-Control-Allow-Origin: null
Access-Control-Allow-Methods: GET, PUT, OPTIONS
Access-Control-Allow-Headers: X-Requested-With
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Transfer-Encoding: chunked
Request Headers
view parsed
GET /jenkins/job/WPF-TryBuild/1190/artifact/Win32_Debug_build_log.xml HTTP/1.1
Host: myserver.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Accept: application/xml, text/xml, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36
Referer: http://myserver.com/jenkins/job/WPF-TryBuild/1190/?auto_refresh=false
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE=Sm9uOjE0Nzg4NjU1MTIyODg6ZjNlNmM5NDIwZDQwYWU0YzdiOTc2MWJjN2NjNzUxNDE5NDdhNmI3OGI0M2E1OGIxMzM4NjEwYmEyZjRmOGUwZA==; JSESSIONID.e269d02c=1nyxka737w02s1v7tq8opej8fu; JSESSIONID.61f82bd1=5qgyu4eegvkozmo5u1axqc6t; screenResolution=1440x900; JSESSIONID.61f82bd1=238or6iqc0se7r2lo4cyyco4; hudson_auto_refresh=false

So it's sending a GET request, headers are being served up as I have set them in the Apache proxy, and the page works, lovely.

However, if I do the same thing in a javascript file loaded by an HTML page which is in userContent, I see the following headers

Request URL:http://myserver.com/jenkins/job/WPF-TryBuild/1190/artifact/Win32_Debug_build_log.xml
Request Method:OPTIONS
Status Code:403 Forbidden
Remote Address:82.39.249.244:80
Response Headers
view parsed
HTTP/1.1 403 Forbidden
Date: Mon, 31 Oct 2016 13:18:45 GMT
Server: Jetty(9.2.z-SNAPSHOT)
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
X-Hudson: 1.395
X-Jenkins: 2.27
X-Jenkins-Session: f3999f25
X-Hudson-CLI-Port: 8081
X-Jenkins-CLI-Port: 8081
X-Jenkins-CLI2-Port: 8081
X-You-Are-Authenticated-As: anonymous
X-You-Are-In-Group: 
X-Required-Permission: hudson.model.Hudson.Read
X-Permission-Implied-By: hudson.security.Permission.GenericRead
X-Permission-Implied-By: hudson.model.Hudson.Administer
Set-Cookie: JSESSIONID.61f82bd1=tts6a6zkw60r1rfiu36q4l7b8;Path=/jenkins;HttpOnly
Access-Control-Allow-Origin: null
Access-Control-Allow-Methods: GET, PUT, OPTIONS
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: x-requested-with
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 383
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Request Headers
view parsed
OPTIONS /jenkins/job/WPF-TryBuild/1190/artifact/Win32_Debug_build_log.xml HTTP/1.1
Host: myserver.com
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36
Access-Control-Request-Headers: x-requested-with
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

So it is sending an OPTIONS request, which is failing, so the code fails there and the page doesn't work (incidentally it works fine when I don't

So I have two questions.

1) Why do I see an OPTIONS request in one case, but not the other?

2) How can I make it work?

Now I know that an OPTIONS request is sent when the jquery is cross-domain, but I don't see how this would qualify as cross domain.

Everything is served up by the same server, the only difference is that in one case the parent page is generated by jenkins at the url /jenkins/job/WPF-TryBuild/[job_number]

whereas in the failing case the parent page is an html page served up by jenkins at

/jenkins/userContent/WpfReports/msbuild/MSBuildLog.html

(Incidentally, changing Access-Control-Allow-Origin from null to * makes no difference in either case)

Jon Hodgson
  • 129
  • 10
  • 3
    Perhaps this? http://stackoverflow.com/questions/1256593/why-am-i-getting-an-options-request-instead-of-a-get-request – DavidG Oct 31 '16 at 13:42
  • The browser will only allow a cross-domain HTTP request if the server responds with appropriate CORS headers (`Access-Control-Allow-Origin` primarily). Your server doesn't do that. – Pointy Oct 31 '16 at 13:46
  • How is it a cross domain request? Everything is coming from the same jenkins server through the same apache proxy. – Jon Hodgson Oct 31 '16 at 13:51

0 Answers0