未验证 提交 6c6d787f 编写于 作者: J Josh Soref 提交者: GitHub

[JENKINS-41891] Resource root url cleanup (#4294)

上级 98ab2025
......@@ -481,7 +481,7 @@ public class UpdateSite {
/**
* Exposed to get rid of hardcoding of the URL that serves up update-center.json
* in Javascript.
* in JavaScript.
*/
@Exported
public String getUrl() {
......
......@@ -34,7 +34,7 @@ import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
/**
* Jenkins root URL is required for a lot of operations in both core and plugins.
* Jenkins URL is required for a lot of operations in both core and plugins.
* There is a default behavior (infer the URL from the request object), but inaccurate in some scenarios.
* Normally this root URL is set during SetupWizard phase, this monitor is there to ensure that behavior.
* Potential exceptions are the dev environment, if someone disable the wizard or
......
......@@ -128,7 +128,7 @@ public final class ResourceDomainConfiguration extends GlobalConfiguration {
return FormValidation.error(Messages.ResourceDomainConfiguration_SameAsJenkinsRoot());
}
} catch (Exception ex) {
LOGGER.log(Level.CONFIG, "Failed to create URL from the existing Jenkins root URL", ex);
LOGGER.log(Level.CONFIG, "Failed to create URL from the existing Jenkins URL", ex);
return FormValidation.error(Messages.ResourceDomainConfiguration_InvalidRootURL(ex.getMessage()));
}
......
urlIsNull=Jenkins root URL is empty but is required for the proper operation of many Jenkins features like email notifications, \
urlIsNull=Jenkins URL is empty but is required for the proper operation of many Jenkins features like email notifications, \
PR status update, and environment variables such as <code>BUILD_URL</code>.
urlIsInvalid=Jenkins root URL seems to be invalid. It is required for the proper operation of many Jenkins features like email notifications, \
urlIsInvalid=Jenkins URL seems to be invalid. It is required for the proper operation of many Jenkins features like email notifications, \
PR status update, and environment variables such as <code>BUILD_URL</code>.
actionToTake=Please provide an accurate value in {0}.
actionUrlContent=Jenkins configuration
......@@ -33,18 +33,18 @@ QueueItemAuthenticatorMonitor.DisplayName=Access Control for Builds
Token.Created.on=Token created on {0}
ResourceDomainConfiguration.DisplayName=Resource Domain Recommendation
ResourceDomainConfiguration.NeedsRootURL=Can only set resource root URL if regular root URL is set.
ResourceDomainConfiguration.InvalidRootURL=Jenkins root URL is set to an invalid value, please report a bug: {0}
ResourceDomainConfiguration.Empty=Without a resource root URL, resources will be served from the main domain with Content-Security-Policy set.
ResourceDomainConfiguration.NeedsRootURL=Can only set resource root URL if Jenkins URL is set.
ResourceDomainConfiguration.InvalidRootURL=Jenkins URL is set to an invalid value, please report a bug: {0}
ResourceDomainConfiguration.Empty=Without a resource root URL, resources will be served from the Jenkins URL with Content-Security-Policy set.
ResourceDomainConfiguration.NotJenkins=The specified URL does not appear to point to a Jenkins instance.
ResourceDomainConfiguration.ThisJenkins=The specified URL is a valid resource root URL candidate.
ResourceDomainConfiguration.OtherJenkins=The specified URL points to a different Jenkins instance.
ResourceDomainConfiguration.SomeJenkins=The specified URL points to a Jenkins instance, but failed to determine whether it is this or another instance.
ResourceDomainConfiguration.ResourceResponse=The specified URL points to a previously set up Jenkins resource URL.
ResourceDomainConfiguration.SomeJenkins=The specified URL points to a Jenkins instance, but could not determine whether it is this or another instance.
ResourceDomainConfiguration.ResourceResponse=The specified URL points to a previously set up resource root URL.
ResourceDomainConfiguration.FailedIdentityCheck=An error occurred when checking the instance identity at that URL: {0} {1}
ResourceDomainConfiguration.Exception=An exception occurred with the URL: {0}
ResourceDomainConfiguration.IOException=Failed to connect: {0}
ResourceDomainConfiguration.Invalid=Not a valid URL.
ResourceDomainConfiguration.SameAsJenkinsRoot=Cannot use the same host name for both Jenkins root URL and resource root URL.
ResourceDomainConfiguration.SameAsJenkinsRoot=Cannot use the same host name for both Jenkins URL and resource root URL.
ResourceDomainConfiguration.SameAsCurrent=You are currently accessing Jenkins through a URL similar to the proposed resource root URL. Saving this URL might remove your access to Jenkins.
......@@ -25,7 +25,7 @@ THE SOFTWARE.
<?jelly escape-by-default='true'?>
<j:jelly xmlns:j="jelly:core" xmlns:f="/lib/form">
<f:section title="${%Serve resource files from another domain}">
<f:entry title="${%Resource root URL}" field="url">
<f:entry title="${%Resource Root URL}" field="url">
<f:textbox checkMethod="post"/>
</f:entry>
</f:section>
......
......@@ -6,12 +6,12 @@
</p>
<p>
If the resource root URL is defined, Jenkins will instead redirect requests for user-created resource files to URLs starting with the URL configured here.
These URLs will not set the CSP header, allowing Javascript and similar features to work.
These URLs will not set the CSP header, allowing JavaScript and similar features to work.
For this option to work as expected, the following constraints and considerations apply:
</p>
<ul>
<li>The resource root URL must be a valid alternative choice for the Jenkins root URL for requests to be processed correctly.</li>
<li>The Jenkins root URL must be set and it must be different from this resource root URL (in fact, a different host name is required).</li>
<li>The resource root URL must be a valid alternative choice for the Jenkins URL for requests to be processed correctly.</li>
<li>The Jenkins URL must be set and it must be different from this resource root URL (in fact, a different host name is required).</li>
<li>
Once set, Jenkins will only serve resource URL requests via the resource root URL.
All other requests will get <em>HTTP 404 Not Found</em> responses.
......@@ -48,4 +48,4 @@
Resource URLs encode the URL, the user for which they were created, and their creation timestamp.
Additionally, this string contains an <a href="https://en.wikipedia.org/wiki/HMAC" rel="noopener noreferrer" target="_blank">HMAC</a> to ensure the authenticity of the URL.
This prevents attackers from forging URLs that would grant them access to resource files as if they were another user.
</p>
\ No newline at end of file
</p>
......@@ -29,11 +29,10 @@ def l = namespace(lib.LayoutTagLib)
dl {
div(class: "alert alert-info") {
a(name: "resource-root-url")
l.isAdmin() {
form(method: "post", action: "${rootURL}/${my.url}/act") {
f.submit(name: 'redirect', value: _("Go to resource root URL configuration"))
f.submit(name: 'dismiss', value: _("Dismiss"))
form(method: "post", action: "${rootURL}/${my.url}/act") {
f.submit(name: 'redirect', value: _("Configure resource root URL"))
f.submit(name: 'dismiss', value: _("Dismiss"))
}
}
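Review bot: The POST form with the `redirect` and `dismiss` buttons is now rendered without the `l.isAdmin()` guard, so nothing in this view restricts who can submit the state-changing `dismiss` action to `${rootURL}/${my.url}/act`; the authorization that the wrapper used to imply must live in the `act` handler, which is outside this hunk. Presumably administrative monitors are only shown to administrators by the surrounding layout and the handler already enforces the permission, but that should be confirmed rather than assumed before the guard is removed. If the handler does not check, its first statement should be `Jenkins.get().checkPermission(Jenkins.ADMINISTER);` and it should stay `@RequirePOST`. The hunk's trailing closing braces continue past the visible lines.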
......
blurb = The default Content-Security-Policy is currently overridden using the <code>hudson.model.DirectoryBrowserSupport.CSP</code> system property, which is a potential security issue when browsing untrusted files. \
As an alternative, you can set up a <strong>Resource Root URL</strong> that Jenkins will use to serve some static files without adding <code>Content-Security-Policy</code> headers.
As an alternative, you can set up a <strong>resource root URL</strong> that Jenkins will use to serve some static files without adding <code>Content-Security-Policy</code> headers.
......@@ -150,7 +150,7 @@ public class UrlHelperTest {
@Test
@Issue("SECURITY-1471")
public void ensureJavascriptSchemaIsNotAllowed() {
public void ensureJavaScriptSchemaIsNotAllowed() {
assertFalse(UrlHelper.isValidRootUrl("javascript:alert(123)"));
}
}
......@@ -171,7 +171,7 @@ public class DoActionFilterTest extends StaplerAbstractTest {
public void doAnnotatedRequirePost() { replyOk(); }
@JavaScriptMethod
public void annotatedJavascriptScriptMethod() { replyOk(); }
public void annotatedJavaScriptScriptMethod() { replyOk(); }
@RespondSuccess
public void doAnnotatedResponseSuccess() { replyOk(); }
......@@ -332,7 +332,7 @@ public class DoActionFilterTest extends StaplerAbstractTest {
}
@Test
public void testAnnotatedMethodOk_annotatedJavascriptScriptMethod() throws Exception {
public void testAnnotatedMethodOk_annotatedJavaScriptScriptMethod() throws Exception {
webApp.setCrumbIssuer(new CrumbIssuer() {
@Override
public String issueCrumb(StaplerRequest request) {
......@@ -346,7 +346,7 @@ public class DoActionFilterTest extends StaplerAbstractTest {
});
WebRequest settings = new WebRequest(new URL(j.getURL(), "testNewRulesOk/annotatedJavascriptScriptMethod/"));
WebRequest settings = new WebRequest(new URL(j.getURL(), "testNewRulesOk/annotatedJavaScriptScriptMethod/"));
settings.setAdditionalHeader("Content-Type", "application/x-stapler-method-invocation");
settings.setHttpMethod(HttpMethod.POST);
settings.setRequestBody(JSONArray.fromObject(Collections.emptyList()).toString());
......
......@@ -515,8 +515,8 @@ function registerValidator(e) {
try {
return eval(url); // need access to 'this', so no 'geval'
} catch (e) {
if (window.console!=null) console.warn("Legacy checkUrl '" + url + "' is not valid Javascript: "+e);
if (window.YUI!=null) YUI.log("Legacy checkUrl '" + url + "' is not valid Javascript: "+e,"warn");
if (window.console!=null) console.warn("Legacy checkUrl '" + url + "' is not valid JavaScript: "+e);
if (window.YUI!=null) YUI.log("Legacy checkUrl '" + url + "' is not valid JavaScript: "+e,"warn");
return url; // return plain url as fallback
}
} else {
......