Menu
I'm trying to report my .html file with HTML publisher plugin in Jenkins
however,since HTML publisher is updated to version 1.10, can't publish HTML.
Error message I'm getting:
Blocked script execution in '{mydomain}' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
Uncaught SecurityError: Failed to read the 'localStorage' property from 'Window': The document is sandboxed and lacks the 'allow-same-origin' flag.
I found this doc: https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy
It tells about CSP.
I run Jenkins with arg :
/usr/bin/java -Djava.awt.headless=true -Dhudson.model.DirectoryBrowserSupport.CSP=sandbox allow-scripts; style-src 'unsafe-inline' *;script-src 'unsafe-inline' *; -jar /usr/share/jenkins/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080 --ajp13Port=-1
but still got same error above.
what i tried args :
1. -Dhudson.model.DirectoryBrowserSupport.CSP="sandbox; default-src 'self';"
2. -Dhudson.model.DirectoryBrowserSupport.CSP=
3. -Dhudson.model.DirectoryBrowserSupport.CSP="sandbox; default-src *;"
4. -Dhudson.model.DirectoryBrowserSupport.CSP="sandbox allow-scripts; default-src *;"
.html is located in :
{mydomain}/job/{job_name}/Doc/index.html
821
The HTML Publisher plugin is useful to publish HTML reports that your build generates to the job and build pages. It is designed to work with both Freestyle projects as well as being used in a Jenkins Pipeline.
When you're logged in, go to Settings and choosing Update center. Here you can see a list of installed plugins. Select the Available plugins section and install the JavaScript language plugin. We're also going to add another plugin to improve the integration with Jenkins, namely the Build breaker plugin.
For me above didn't work;
I tried this
Manage Jenkins -> Script Console Copy-paste this
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "")
For permanent solution: Add the following to JAVA_ARGS under /etc/default/jenkins:
-Dhudson.model.DirectoryBrowserSupport.CSP=""
I faced similar issue I found and applied following solution:
Steps:
Snippet: System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "sandbox allow-scripts; default-src *; style-src * http://* 'unsafe-inline' 'unsafe-eval'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'");
This link provides more details on each of the parameters that we have set in the above code line.
Note for Persistency in jenkins configuration:
@RayKim mentioned this is not a sustainable change. If you want to keep this change permanently then in that case you should set this property values up in the JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Dhudson.remoting.Launcher.pingIntervalSec=0"
After setting this variable you have to restart your Jenkins to load the new configuration.
21
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
