Allow connector to listen in all interfaces #84
Conversation
|
This pull request originates from a CloudBees employee. At CloudBees, we require that all pull requests be reviewed by other CloudBees employees before we seek to have the change accepted. If you want to learn more about our process please see this explanation. |
| @@ -673,7 +673,7 @@ public Thread newThread(Runnable r) { | |||
| HttpConfiguration config = connector.getConnectionFactory(HttpConnectionFactory.class).getHttpConfiguration(); | |||
| // use a bigger buffer as Stapler traces can get pretty large on deeply nested URL | |||
| config.setRequestHeaderSize(12 * 1024); | |||
| connector.setHost("localhost"); | |||
| connector.setHost(System.getProperty("host", "localhost")); | |||
There was a problem hiding this comment.
Seems like this would be bad, it opens up a potentially insecure instance on public interfaces, which is a drive by owning of your machine
|
it is a bad idea if you run it in an open network with 0.0.0.0 |
There was a problem hiding this comment.
I looked through the usage from kubernetes plugin tests. It does use 0.0.0.0 but only from a Jenkinsfile that presumably is already running in a self-contained environment, and uses a more secure default.
I think this is OK but should be accompanied by a comment warning anyone of the dangers of setting this property, and in particular if set to 0.0.0.0 should log a runtime warning too.
|
@carlossg please feel free to reopen it if you are still interested |
In the kubernetes plugin we need the server to listen in all interfaces to connect external agents.
Currently working by copying the class https://github.com/jenkinsci/kubernetes-plugin/blob/master/src/test/java/org/jvnet/hudson/test/JenkinsRuleNonLocalhost.java#L83
@reviewbybees