URL of webhook deliveries should not contain credentials

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 7.5
    • Component/s: Webhook
    • Labels:
      None

      Description

      Credentials can be configured in the URL (see SONAR-9896), for example http://login:password@server. When the payload is sent, the credentials are removed from the URL and sent through the HTTP Authorization header.
      The URL stored with the delivery and available through api/webhook web services should be the effective URL, not the configured URL. The credentials should not be part of the URL persisted with deliveries.
      Someday we could store the effective HTTP headers too, like GitHub, but it's not planned yet.
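
The split described in this ticket, as an added example (not SonarQube's own code): the configured URL is separated into an effective URL and a Basic Authorization header, and only the effective URL goes into the persisted delivery. The function names and the record's field names are hypothetical.

```python
import base64
from urllib.parse import unquote, urlsplit, urlunsplit


def split_webhook_url(configured_url):
    """Return (effective_url, headers) for a configured webhook URL.

    Userinfo is stripped from the URL and re-expressed as a Basic
    Authorization header, so the secret never travels in the URL.
    """
    parts = urlsplit(configured_url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("webhook URL must be absolute http(s)")

    headers = {}
    if parts.username is not None:
        # Userinfo is percent-encoded in a URL; decode it before building the header.
        user = unquote(parts.username)
        password = unquote(parts.password or "")
        token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
        headers["Authorization"] = "Basic " + token.decode("ascii")

    # Keep host[:port] only; rpartition also copes with a raw '@' in the password.
    netloc = parts.netloc.rpartition("@")[2]
    effective_url = urlunsplit(
        (parts.scheme, netloc, parts.path, parts.query, parts.fragment)
    )
    return effective_url, headers


def delivery_record(configured_url, http_status):
    """Build what gets persisted for a delivery (hypothetical field names)."""
    effective_url, _headers = split_webhook_url(configured_url)
    # Only the effective URL is stored; headers are deliberately not persisted.
    return {"url": effective_url, "httpStatus": http_status}


# Constructed sample input, using the URL form from the ticket.
if __name__ == "__main__":
    print(delivery_record("http://login:password@server", 200))
```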

            People

            Assignee:
            sebastien.lesaint Sebastien Lesaint
            Reporter:
            simon.brandhof Simon Brandhof (Inactive)