Issue
I'm trying to report my .html
file with HTML publisher plugin in Jenkins
however,since HTML publisher is updated to version 1.10, can't publish HTML.
Error message I'm getting:
Blocked script execution in '{mydomain}' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
Uncaught SecurityError: Failed to read the 'localStorage' property from 'Window': The document is sandboxed and lacks the 'allow-same-origin' flag.
I found this doc: https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy
It tells about CSP.
I run Jenkins with arg :
/usr/bin/java -Djava.awt.headless=true -Dhudson.model.DirectoryBrowserSupport.CSP=sandbox allow-scripts; style-src 'unsafe-inline' *;script-src 'unsafe-inline' *; -jar /usr/share/jenkins/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080 --ajp13Port=-1
but still got same error above.
what i tried args :
1. -Dhudson.model.DirectoryBrowserSupport.CSP="sandbox; default-src 'self';"
2. -Dhudson.model.DirectoryBrowserSupport.CSP=
3. -Dhudson.model.DirectoryBrowserSupport.CSP="sandbox; default-src *;"
4. -Dhudson.model.DirectoryBrowserSupport.CSP="sandbox allow-scripts; default-src *;"
.html is located in :
{mydomain}/job/{job_name}/Doc/index.html
Solution
Can you have a try with a blank CSP option?
/usr/bin/java -Djava.awt.headless=true -Dhudson.model.DirectoryBrowserSupport.CSP= -jar /usr/share/jenkins/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080 --ajp13Port=-1
On my Jenkins instance, it solved my reporting issues.
I know it's not a safe option, but I didn't find another solution :(
Answered By - Bruno Lavit
Answer Checked By - David Goodson (JavaFixing Volunteer)