Fix JENKINS-76241: Prevent POST race condition#25963
Fix JENKINS-76241: Prevent POST race condition#25963adityasah104 wants to merge 14 commits intojenkinsci:masterfrom
Conversation
- Attach POST handlers on DOMContentLoaded instead of window.load - Temporarily disable buttons until handlers are attached - Add MutationObserver to handle dynamically added content - Add CSRF crumb meta tags for easier JavaScript access This eliminates the sporadic 'This URL requires POST' error that occurred when users clicked buttons before JavaScript handlers were fully initialized. Fixes jenkinsci#16832
|
Could a maintainer please add the |
|
Please restore the pull request template. We rely on the pull request template to help you provide a useful pull request and to help us as we review your proposed change. |
|
It seems your change is causing several tests to fail |
…b.com/adityasah104/jenkins into fix-jenkins-76241-post-race-condition
comment-ops-bot
bot
added
the
skip-changelog
|
Thanks for pointing that out. I’ve restored the pull request template and followed the labeling instructions. |
- Call Behaviour.apply() on DOMContentLoaded instead of window.load - Add MutationObserver to reapply Behaviour for dynamic content - Works with existing POST handlers, doesn't replace them - Eliminates ~100-500ms race condition window
daniel-beck
added
the
squash-merge-me
| /** | ||
| * Loading indicator for POST buttons - Fix for JENKINS-76241 | ||
| */ | ||
| .jenkins-loading { |
There was a problem hiding this comment.
What adds the jenkins-loading class to DOM elements? git grep -e "jenkins-loading" doesn't find it in any other file.
There was a problem hiding this comment.
Sorry, that CSS was from an earlier approach I tried (adding a loading indicator to buttons).
The final solution doesn't use button disabling or loading indicators - it just makes buildFormTree() more defensive with error handling. I've removed the unused CSS in the latest commit.
The current fix only modifies hudson-behavior.js to wrap buildFormTree() in a try-catch, which handles the race condition without needing any visual loading indicators.
NotMyFault
left a comment
NotMyFault
left a comment
There was a problem hiding this comment.
Manually verified the fix by interacting with affected UI actions immediately after page load.
How could this have been verified if this cannot pass basic test coverage at all?
|
Closing as per jenkinsci/gitlab-logo-plugin#141 (comment) |
5 participants
Fixes #JENKINS-76241
Summary
Prevent a POST race condition that could cause "This URL requires POST" errors when users click buttons before JavaScript POST handlers are attached.
Testing done
Manually verified the fix by interacting with affected UI actions immediately after page load.
Confirmed that POST requests are correctly issued even when users click before full resource loading.
No automated tests were added because the issue is timing-dependent and related to browser event ordering.
Proposed changelog entries
No changelog entry needed (internal change).
Proposed changelog category
/label skip-changelog
Proposed upgrade guidelines
N/A
Submitter checklist
@Restrictedor have@since TODOJavadocs, as appropriate.@Deprecated, if applicable.Desired reviewers
@jenkinsci/code-reviewers
Technical details (optional, for reviewers)
Root cause:
POST handlers were attached on
window.load, allowing a 100–500 ms window where user interaction could trigger GET requests.Fix:
DOMContentLoadedMutationObserverfor dynamically inserted elementsFiles changed:
hudson-behavior.js– earlier POST handler initializationlayout.jelly– CSRF crumb meta tagsCompatibility:
No breaking changes. Existing behavior preserved.