Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Question: My HTML reports don't render fully when viewed from Jenkins. Why?

...

Answer: By default, Content Security Policy header is set to a very restrictive default set of permissions to protect Jenkins users from malicious HTML/JS files in workspaces.

Content Security Policy can be relaxed according to these steps: https://wiki.jenkins.io/display/JENKINS/Configuring+Content+Security+Policy.

The following command helps render packager, forecast and deploy HTML reports.

  • In Jenkins, go to "Manage Jenkins"

  • Click on "Script Console"

  • Run the following command:

Code Block
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "img-src 'self' data:;")


However this relaxes the security only temporarily

,to make it permanent:edit

. To make the change permanently in the system:

Additional Jenkins Documentation

Alternative Method for making the change permanently:


  • Edit the jenkins.xml in $JENKINS_HOME (eg. C:\Program Files\Jenkins) and

  • add Add -Dhudson.model.DirectoryBrowserSupport.CSP="img-src 'self' data:;" to the <service id="jenkins"><arguments> tag aka:

Code Block
<arguments>-Xrs -Xmx256m -Dhudson.model.DirectoryBrowserSupport.CSP="\"img-src 'self' data:;\"" -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle -jar "%BASE%\jenkins.war" --httpPort=8080 --webroot="%BASE%\war"</arguments>


It seems for
  • For RedHat, the file to modify is /etc/sysconfig/jenkins and the property is JENKINS_JAVA_OPTIONS
.
  • , like this:
Code Block
JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Dhudson.model.DirectoryBrowserSupport.CSP=\"img-src 'self' data:;\""

the \" are important so that the java parser parses the values correctly.