Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redirect 'CSRF Protection' wiki page to jenkins.io #3212

Closed
MarkEWaite opened this issue May 8, 2020 · 10 comments
Closed

Redirect 'CSRF Protection' wiki page to jenkins.io #3212

MarkEWaite opened this issue May 8, 2020 · 10 comments
Assignees
@LarrySul
Labels
documentation Jenkins documentation, including user and developer docs, solution pages, etc.
Projects
Administrator Guide update and migration

Comments

@MarkEWaite
Copy link
Contributor

MarkEWaite commented May 8, 2020
edited
Loading

Use the documentation page conversion instructions to redirect CSRF Protection from the wiki to jenkins.io.

The existing page is outdated and incomplete. It should redirect to the https://www.jenkins.io/doc/book/managing/security/#cross-site-request-forgery.

A wiki.jenkins.io redirect is the last step in migrating from wiki.jenkins.io to www.jenkins.io. Submit a pull request to jenkins-infra/.../vhost.conf that is modeled after previous pull requests like PR-1467.
@oleg-nenashev oleg-nenashev added the documentation Jenkins documentation, including user and developer docs, solution pages, etc. label May 13, 2020
@LarrySul
Copy link

Hi @oleg-nenashev looking to contribute to jenkins and I have gone through the contribution guide, permission to take this issue up

@oleg-nenashev
Copy link
Contributor

@LarrySul Hi, thanks for the interest!
I think that this particular page has been already migrated: https://www.jenkins.io/doc/book/managing/security/#cross-site-request-forgery though it needs to be update for recent Jenkins versions which enable CSRF by default.

I would suggest to...

CC @MarkEWaite @Wadeck @daniel-beck

@daniel-beck
Copy link
Contributor

AFAICT the wiki page is completely irrelevant right now after recent changes, and existing documentation elsewhere should be updated or just written from scratch.

Some (actually useful) references:

@MarkEWaite MarkEWaite changed the title Convert 'CSRF Protection' wiki page to jenkins.io Redirect 'CSRF Protection' wiki page to jenkins.io May 14, 2020
@MarkEWaite
Copy link
Contributor Author

MarkEWaite commented May 14, 2020
edited
Loading

@LarrySul are you willing to consider implementing this issue with its redefined scope?

I'd be happy to code review the pull request to the jenkins-infra/jenkins-infra repository that would add a redirect from the wiki page for CSRF protection to the existing documentation.

I created a separate GitHub issue to resolve the larger topics that have been identified by @daniel-beck . It is #3265

@LarrySul
Copy link

LarrySul commented May 14, 2020
edited
Loading

@MarkEWaite I'm open to learning how to implement the issue with the redefined scope under your guidance. I got lost for the moment but we can get started right away, I already cloned the repository

@MarkEWaite
Copy link
Contributor Author

MarkEWaite commented May 14, 2020
edited
Loading

That would be great @LarrySul . Thanks for being the "test case" for a revision of the instructions that I'm preparing for a jenkins.io pull request.

Redirecting a wiki page

Wiki pages are migrated one at a time. When the content of a wiki page has been migrated from wiki.jenkins.io and merged into www.jenkins.io, we can "hide" the wiki page by redirecting all requests for that page to the replacement page on www.jenkins.io. A page redirect pull request is used to define that redirect.

Wiki page redirect pull request

  1. Prepare a change for the jenkins-infra/jenkins-infra repository that will add two new lines of data to the vhost.conf file on the staging branch. The pull request should add to either the "Non plugin rewrites" section or the "Developer documentation" section of the vhost.conf file. The destinoatino section depends on the content of the page being redirected
  2. The data to be added will look something like this:
RewriteCond %{HTTP_USER_AGENT} !^jenkins-wiki-exporter/(.*)$
RewriteRule "^/display/JENKINS/CSRF\+Protection$" "https://www.jenkins.io/doc/book/managing/security/#cross-site-request-forgery" [NE,NC,L,QSA,R=301]
  1. Submit the pull request to the jenkins-infra/jenkins-infra repository repository with those two lines of data

@MarkEWaite
Copy link
Contributor Author

@LarrySul thanks again for being willing to "test drive" those instructions. If you can share your experience trying to follow those instructions, it will help me refine them so that others have a better experience.

We could also sit together on a Zoom video call if Zoom works in your area.

@LarrySul
Copy link

@MarkEWaite I have been able to complete the assigned task and made a PR for your reference the issue can be found here. The insructions were very much detailed enough and I only needed to spend few mins trying to figure out what was needed to be done. Thank you

@MarkEWaite MarkEWaite mentioned this issue May 15, 2020
Merged
@MarkEWaite
Copy link
Contributor Author

Redirect is complete and confirmed it is working as expected. Thanks @LarrySul

Administrator Guide update and migration automation moved this from To do to Done May 15, 2020
@LarrySul
Copy link

@MarkEWaite My pleasure

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@LarrySul LarrySul

Labels
documentation Jenkins documentation, including user and developer docs, solution pages, etc.
Projects
Administrator Guide update and migration
  
Done
Milestone
No milestone
Development

No branches or pull requests
4 participants
@MarkEWaite @daniel-beck @oleg-nenashev @LarrySul