Jenkins HTML Publisher Plugin : allow script permission issue

会有一股神秘感。 submitted on 2020-11-30 05:35:57

Question


I'm trying to report my .html file with the HTML Publisher plugin in Jenkins. However, since HTML Publisher was updated to version 1.10, I can't publish HTML.

Error message I'm getting:

Blocked script execution in '{mydomain}' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.

Uncaught SecurityError: Failed to read the 'localStorage' property from 'Window': The document is sandboxed and lacks the 'allow-same-origin' flag.

I found this doc: https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy

It talks about CSP.

I run Jenkins with these args:

/usr/bin/java -Djava.awt.headless=true -Dhudson.model.DirectoryBrowserSupport.CSP=sandbox allow-scripts; style-src 'unsafe-inline' *;script-src 'unsafe-inline' *; -jar /usr/share/jenkins/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080 --ajp13Port=-1 

but I still got the same error as above.

Args I tried:

 1. -Dhudson.model.DirectoryBrowserSupport.CSP="sandbox; default-src 'self';"
 2. -Dhudson.model.DirectoryBrowserSupport.CSP=
 3. -Dhudson.model.DirectoryBrowserSupport.CSP="sandbox; default-src *;"
 4. -Dhudson.model.DirectoryBrowserSupport.CSP="sandbox allow-scripts; default-src *;"    

The .html is located at:

{mydomain}/job/{job_name}/Doc/index.html

Answer 1:


Can you try with a blank CSP option?

/usr/bin/java -Djava.awt.headless=true -Dhudson.model.DirectoryBrowserSupport.CSP= -jar /usr/share/jenkins/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080 --ajp13Port=-1

On my Jenkins instance, it solved my reporting issues.

I know it's not a safe option, but I didn't find another solution :(




Answer 2:


I faced a similar issue. I found and applied the following solution:

Steps:

  1. Go to the Jenkins Admin page (login as admin).
  2. Go to Manage Jenkins -> Script Console
  3. Then, in the Script Console, copy and paste the following; it made it work:

Snippet: System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "sandbox allow-scripts; default-src *; style-src * http://* 'unsafe-inline' 'unsafe-eval'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'");

This link provides more details on each of the parameters that we have set in the above code line.

Note for persistence in the Jenkins configuration: @RayKim mentioned this is not a sustainable change. If you want to keep this change permanently, you should set this property value in JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Dhudson.remoting.Launcher.pingIntervalSec=0"

After setting this variable you have to restart your Jenkins to load the new configuration.
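
As an added example (not part of the original question or answers), this Python sketch reads a `hudson.model.DirectoryBrowserSupport.CSP` value the way a browser reads the resulting header and reports whether it would trigger either of the two errors quoted in the question. The names `parse_csp`, `evaluate` and `POLICIES` are hypothetical, and the model covers only the sandbox flags and `'unsafe-inline'`, not nonces or hashes.

```python
def parse_csp(policy):
    """Return {directive: [values]}; per CSP, the first occurrence of a directive wins."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if not tokens:
            continue  # empty segment, e.g. after a trailing ';'
        directives.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return directives


def evaluate(policy):
    """Report which behaviours behind the question's two errors a policy permits."""
    d = parse_csp(policy)
    sandboxed = "sandbox" in d
    flags = d.get("sandbox", [])
    # script-src falls back to default-src; None means no source restriction at all.
    script_src = d.get("script-src", d.get("default-src"))
    scripts_run = (not sandboxed) or "allow-scripts" in flags
    return {
        # False -> "Blocked script execution ... 'allow-scripts' permission is not set"
        "scripts_run": scripts_run,
        # Inline <script> also needs 'unsafe-inline' in the effective script-src.
        "inline_scripts": scripts_run
        and (script_src is None or "'unsafe-inline'" in script_src),
        # False -> "Failed to read the 'localStorage' property ... 'allow-same-origin'"
        "local_storage": (not sandboxed) or "allow-same-origin" in flags,
    }


# Values copied from the question and from answer 2 on this page.
POLICIES = {
    "tried 1": "sandbox; default-src 'self';",
    "tried 2 (blank)": "",
    "tried 3": "sandbox; default-src *;",
    "tried 4": "sandbox allow-scripts; default-src *;",
    "answer 2": "sandbox allow-scripts; default-src *; "
                "style-src * http://* 'unsafe-inline' 'unsafe-eval'; "
                "script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'",
}

if __name__ == "__main__":
    for label, value in POLICIES.items():
        print(f"{label:16} {evaluate(value)}")
```

For the fourth value the asker tried and for the value in answer 2, it reports `local_storage` as `False`, because neither sets `allow-same-origin`.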



Source: https://stackoverflow.com/questions/36446279/jenkins-html-publisher-plugin-allow-script-permission-issue
