Menu
I have a Jenkins job, where I generate an HTML-Page as a post buildstep, containing an image link ( HTML img tag). This HTML page is published by the HTMLPublisher Plugin for each job.
This has always worked great. But since I have updated Jenkins to v. 1.643, I only see a blank page when I click the published HTML page.
I've tried out a lot of things and found out the following strange behaviour: Since the update, I cannot embed external links into the HTML-pages I publish. If I embed an image from an external location (img src="somelocation/xxx.jpg), the image won't be displayed.
If I examine the HTML page with Firefox, I can see that the image tag is greyed out like it was invisible, but it is not.
If I embed a normal hyperlink, pointing to an external location, I can see the link in the displayed page, but when I click on it, nothing happens.
It is like Jenkins would not permit external links in this context.
Please help me out here :)
Thank you!
Edit:
Thanks to Dave Bacher, he gave me the right hint. Look at this page to see Jenkins' new security policy.
https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy#ConfiguringContentSecurityPolicy-Implementation
You have to relax the rules, so that embedding external images is allowed again.
For testing it, just type the following in your script console:
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "sandbox; img-src *;")
This will allow embedding images from any external website.
If you run Jenkins on Ubuntu and you want to set this permanently, just edit the file /etc/default/jenkins. Under # arguments to pass to java add the following line:
JAVA_ARGS="-Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox; img-src *;\""
343
The HTML Publisher plugin is useful to publish HTML reports that your build generates to the job and build pages. It is designed to work with both Freestyle projects as well as being used in a Jenkins Pipeline.
What you can do is, "Add" multiple reports under "Publish HTML Reports". The reports folder path is relative to workspace. You have to mention report path folder, file name(s) and report title.
The issue you're seeing is likely related to recent security fixes. See the Configuring Content Security Policy wiki page for details on how to relax the Jenkins configuration.
The CSP header sent by Jenkins can be modified by setting the system property hudson.model.DirectoryBrowserSupport.CSP:
If its value is the empty string, e.g.
java -Dhudson.model.DirectoryBrowserSupport.CSP= -jar jenkins.warthen the header will not be sent at all.(Warning!) This is potentially very unsafe and should only be used after reviewing the overall security setup.
You can experiment with different settings using the Jenkins Script Console.
Also as the wiki page notes, make sure you've upgraded to HTML Publisher 1.10 (or later).
97
I know the original question was for Linux, but this will also help out the Windows users... If you have Jenkins installed as a service (starting from Jenkins.exe) you will need to change the arguments in jenkins.xml for that property to persist.
If you are going to use the unsafe blank option remember to put the parameter in quotes. Below is my example line from jenkins.xml:
<arguments>-Xrs -Xmx1048m -XX:MaxPermSize=512m -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle "-Dhudson.model.DirectoryBrowserSupport.CSP= " -jar "%BASE%\jenkins.war" --httpPort=8080</arguments>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
