Question: My HTML reports don't render fully when viewed from Jenkins. Why?
...
Answer: By default, Content Security Policy header is set to a very restrictive default set of permissions to protect Jenkins users from malicious HTML/JS files in workspaces.
Content Security Policy can be relaxed according to these steps: https://wiki.jenkins.io/display/JENKINS/Configuring+Content+Security+Policy.
The following command helps render packager, forecast and deploy HTML reports.
In Jenkins, go to "Manage Jenkins"
Click on "Script Console"
Run the following command:
| Code Block |
|---|
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "img-src 'self' data:;") |
Additional Jenkins Documentation
Alternative Method for making the change permanently:
edit the jenkins.xml in $JENKINS_HOME (eg. C:\Program Files\Jenkins) and
add -Dhudson.model.DirectoryBrowserSupport.CSP="img-src 'self' data:;" to the <service id="jenkins"><arguments> tag aka
| Code Block |
|---|
<arguments>-Xrs -Xmx256m -Dhudson.model.DirectoryBrowserSupport.CSP="\"img-src 'self' data:;\"" -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle -jar "%BASE%\jenkins.war" --httpPort=8080 --webroot="%BASE%\war"</arguments> |
It seems for RedHat, the file to modify is /etc/sysconfig/jenkins and the property is JENKINS_JAVA_OPTIONS.
like this
| Code Block |
|---|
JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Dhudson.model.DirectoryBrowserSupport.CSP=\"img-src 'self' data:;\"" |
the \" are important so that the java parser parses the values correctly.
However this relaxes the security only temporarily ,to make it permanent: