We're setting up a fresh instance of Jenkins and are finding that the "Resource root URL" is empty by default. I've read the Jenkins documentation on this and the (few) stackoverflow responses, but I'm still unclear how to fill this field. In our case, we are using a rented server instance with a dedicated external IP address (a dotted-quad) but without a domain name. BTW, the "Jenkins URL" seems to be properly set to our external dotted-quad address.
Thanks!
As far as I know you need two distinct domains pointing to the same Jenkins instance. This seems to be a restriction of the frame-ancestors
directive of Content-Security-Policy, see the 6th comment to JENKINS-41891.
In short the CSP (Content-Security-Policy) is a security feature that restricts the browser from including foreign resources (like e.g. images and CSS) or from executing external scripts.
In the context of Jenkins the CSP is used to restrict user provided content (like e.g. a published Maven site) from messing/interacting with Jenkins. Without it a developer without administrative rights in Jenkins but being able to include scripts in a Maven site (i.e. with commit rights to the source repository) could possibly trigger administrative Jenkins tasks as soon as an administrator browses the published Maven site containing this malicious script.
The problem is, often you want to have scripts on user generated content published by Jenkins. But because of the security risk the CSP blocks them nevertheless.
So you have these options:
So, if you want to use the Resource root URL, you need two domains (or one domain and one IP) for it to work. You should then be able to set up your Jenkins like this:
In this example both of jenkins.example.org
and jenkins-static.example.org
point to the same IP.
Please note that all of the above is written by a non security and non Jenkins expert, so it might not be 100% accurate. But it should get the idea across.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With