Details
Bug
Resolution: Unresolved
Low
None
8.2.4
None
1
Severity 3 - Minor
3
Description
Issue Summary
Opening Stop Build in a new tab for a queued build causes an XSRF failure.
Steps to Reproduce
1. Run a plan and allow it to complete.
2. Disable all agents so the build waits in the queue.
3. Re-run the same build.
4. In Chrome > Right Click Stop Build > Open in new tab.
   - An "XSRF: A mutative operation was attempted" error appears, because opening Stop Build in a new tab makes the browser perform a GET instead of a POST.
5. Now try to stop the build normally (without opening it in a new tab).
   - It works as expected.
Expected Results
Perhaps stopPlan.action should be completely protected (in-memory caches and stopping the build) from unsupported HTTP methods like GET since it performs mutative actions.
Actual Results
Upon opening Stop Build in a new tab (even for non-re-runs), the GET request cannot mutate the build state from QUEUED -> NotBuilt:
Version: 8.2.4
Build: 80210
Build Date: 13 Jun 2022

Request information:
Request URL: http://10.9.30.245:8085/build/admin/stopPlan.action
Scheme: http
Server: 10.9.30.245
Port: 8085
URI: /build/admin/stopPlan.action
Context path:
Servlet path: /build/admin/stopPlan.action
Path info:
Query string: planResultKey=TP-TBP-1&returnUrl=%2Fbrowse%2FTP-TBP-1

Stack Trace:
java.lang.IllegalStateException: XSRF: Cannot stop build TP-TBP-1: unable to perform mutative operation
    at com.atlassian.bamboo.utils.XsrfUtils.fail(XsrfUtils.java:27)
Workaround
Stop the build normally without opening it in a new tab.
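
The behaviour suggested under Expected Results can be sketched as follows. This is an added example, not Bamboo code: the route table, the in-memory build and cache dictionaries, the token handling and the `handle` function are all hypothetical. It shows the HTTP method being checked first, so a GET is answered with 405 before any build state or cache is touched.

```python
import hmac
import secrets

# Constructed in-memory state standing in for the build queue and a result cache.
BUILDS = {"TP-TBP-1": "QUEUED"}
CACHE = {"TP-TBP-1": "QUEUED"}
SESSION_TOKEN = secrets.token_hex(16)  # per-session XSRF token (constructed)

# Hypothetical route table: each mutative action declares the methods it accepts.
MUTATIVE_ACTIONS = {"/build/admin/stopPlan.action": {"POST"}}


def stop_build(key):
    """State change: only reached after the method and token checks pass."""
    BUILDS[key] = "NotBuilt"
    CACHE.pop(key, None)


def handle(method, path, params, token=None):
    """Return (status, headers); reject before any state or cache is touched."""
    allowed = MUTATIVE_ACTIONS.get(path)
    if allowed is None:
        return 404, {}
    # 1. Method gate: a link opened in a new tab arrives as GET and stops here.
    if method.upper() not in allowed:
        return 405, {"Allow": ", ".join(sorted(allowed))}
    # 2. XSRF token gate, compared in constant time.
    if token is None or not hmac.compare_digest(token, SESSION_TOKEN):
        return 403, {}
    # 3. Only a build that is still queued can move to NotBuilt.
    key = params.get("planResultKey")
    if BUILDS.get(key) != "QUEUED":
        return 409, {}
    stop_build(key)
    return 303, {"Location": "/browse/" + key}
```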