Skip to content

[JENKINS-74796] Avoid unauthenticated clone requests #1690

Description

@jenkins-infra-bot

The normal workflow for git with http/https URLs is to first try to access the URL unauthenticated and only send credentials after that requests was denied with a 401 HTTP response. This might interact badly with git host rate limiting (see, for example https://gitlab.com/gitlab-org/gitlab/-/merge_requests/147112 in GitLab) or even external rate-limiting in WAFs.

Git acquired a new option (http.proactiveAuth) in v2.46.0, which avoids this step. It would be nice if Jenkins could set this flag on clone/fetch operations.

For reference: This is something that actually happened to me: Multiple CI jobs (mixed GitLab Runner & Jenkins CI nodes) were running on the same k8s node and their combined Git requests triggered a rate-limit of that IP in GitLab


Originally reported by tgr, imported from: Avoid unauthenticated clone requests
  • status: Open
  • priority: Minor
  • component(s): git-client-plugin
  • resolution: Unresolved
  • votes: 0
  • watchers: 2
  • imported: 20251211-071809
Raw content of original issue

The normal workflow for git with http/https URLs is to first try to access the URL unauthenticated and only send credentials after that requests was denied with a 401 HTTP response. This might interact badly with git host rate limiting (see, for example https://gitlab.com/gitlab-org/gitlab/-/merge_requests/147112 in GitLab) or even external rate-limiting in WAFs.

Git acquired a new option (http.proactiveAuth) in v2.46.0, which avoids this step. It would be nice if Jenkins could set this flag on clone/fetch operations.

For reference: This is something that actually happened to me: Multiple CI jobs (mixed GitLab Runner & Jenkins CI nodes) were running on the same k8s node and their combined Git requests triggered a rate-limit of that IP in GitLab

Metadata

Metadata

Assignees

No one assigned

    Fields

    No fields configured for Enhancement.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions