Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-24803

Scoverage shouldn't load external static content

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Minor Minor
    • scoverage-plugin
    • None

      Since Jenkins usually runs over HTTPS browsers (in our case Firefox but Chrome behaves afaik the same way) will block external content pulled via HTTP due security concerns with the following error message:
      locked loading mixed active content "http://yui.yahooapis.com/pure/0.3.0/pure-min.css"

      The issue and reason is described further at https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/

      The yahooapi is also available over HTTPS, but the cert is not valid since the certificate of Akamai (and one of their URLs) is presented. Which leads to same problem as before.

      thx

          [JENKINS-24803] Scoverage shouldn't load external static content

          WynX Alucard added a comment -

          Same here. Serving Jenkins over HTTPS gives a lot of problems with this plugin that pulls in many external resources. I'd recommend to distribute the scripts and stylesheets with the plugin if at all possible.

          At least the following:
          http://yui.yahooapis.com/pure/0.3.0/pure-min.css

          Available on https as well (I use CSP upgrade-insecure-requests):
          ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
          cdnjs.cloudflare.com/ajax/libs/jquery.tablesorter/2.20.1/css/theme.default.min.css
          cdnjs.cloudflare.com/ajax/libs/jquery.tablesorter/2.20.1/js/jquery.tablesorter.min.js
          netdna.bootstrapcdn.com/bootstrap/3.0.3/css/bootstrap.min.css
          netdna.bootstrapcdn.com/bootstrap/3.0.3/js/bootstrap.min.js

          WynX Alucard added a comment - Same here. Serving Jenkins over HTTPS gives a lot of problems with this plugin that pulls in many external resources. I'd recommend to distribute the scripts and stylesheets with the plugin if at all possible. At least the following: http://yui.yahooapis.com/pure/0.3.0/pure-min.css Available on https as well (I use CSP upgrade-insecure-requests): ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js cdnjs.cloudflare.com/ajax/libs/jquery.tablesorter/2.20.1/css/theme.default.min.css cdnjs.cloudflare.com/ajax/libs/jquery.tablesorter/2.20.1/js/jquery.tablesorter.min.js netdna.bootstrapcdn.com/bootstrap/3.0.3/css/bootstrap.min.css netdna.bootstrapcdn.com/bootstrap/3.0.3/js/bootstrap.min.js

            Unassigned Unassigned
            winnie sergej schmidt
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: