Project

General

Profile

Bug #673

Curl can't be used to trigger runs

Added by Dis Connect almost 10 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Puppet integration
Target version:
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

Running

curl http://puppet.foo.com:3000/hosts/host.foo.com/puppetrun

Results in
ActionController::RedirectBackError (No HTTP_REFERER was set in the request to this action, so redirect_to :back could not be called successfully. If this is a test, make sure to specify request.env["HTTP_REFERER"].):
  app/controllers/hosts_controller.rb:211:in `puppetrun'
  /usr/lib/ruby/1.8/mongrel.rb:159:in `process_client'
  /usr/lib/ruby/1.8/mongrel.rb:158:in `each'
  /usr/lib/ruby/1.8/mongrel.rb:158:in `process_client'
  /usr/lib/ruby/1.8/mongrel.rb:285:in `run'
  /usr/lib/ruby/1.8/mongrel.rb:285:in `initialize'
  /usr/lib/ruby/1.8/mongrel.rb:285

Rendering /usr/share/foreman/public/500.html (500 Internal Server Error)
Processing HostsController#puppetrun (for 1.2.3.4 at 2011-02-16 12:55:35) [GET]
  Parameters: {"action"=>"puppetrun", "id"=>"host.foo.com", "controller"=>"hosts"}

ActionController::RedirectBackError (No HTTP_REFERER was set in the request to this action, so redirect_to :back could not be called successfully. If this is a test, make sure to specify request.env["HTTP_REFERER"].):
  app/controllers/hosts_controller.rb:211:in `puppetrun'
  /usr/lib/ruby/1.8/mongrel.rb:159:in `process_client'
  /usr/lib/ruby/1.8/mongrel.rb:158:in `each'
  /usr/lib/ruby/1.8/mongrel.rb:158:in `process_client'
  /usr/lib/ruby/1.8/mongrel.rb:285:in `run'
  /usr/lib/ruby/1.8/mongrel.rb:285:in `initialize'
  /usr/lib/ruby/1.8/mongrel.rb:285

Rendering /usr/share/foreman/public/500.html (500 Internal Server Error)

The run completes successfully however.

Associated revisions

Revision e57d4aa5 (diff)
Added by Ohad Levy over 9 years ago

fixes #673 - Curl can't be used to trigger runs

History

#1 Updated by Dis Connect almost 10 years ago

Oh. And XSS:

curl -E http://cnn.com

<html><body>You are being <a href="http://cnn.com/">redirected</a>.</body></html>

#2 Updated by Ohad Levy over 9 years ago

  • Target version set to 0.3

#3 Updated by Ohad Levy over 9 years ago

  • Status changed from New to Ready For Testing
  • % Done changed from 0 to 100

#4 Updated by Ohad Levy over 9 years ago

  • Status changed from Ready For Testing to Closed

Also available in: Atom PDF