• Type: Task
• Resolution: Fixed
• Priority: Critical
• Component/s: gatling-plugin
• Labels:

  • documentation
  • security
• Environment:

  Jenkins 1.625.3 LTS/Jenkins 1.641 and later.

[JENKINS-32038] Document needed Content-Security-Policy Settings for Gatling Reports

Kenneth Baltrinic created issue - 2015-12-11 22:25

Kenneth Baltrinic made changes - 2015-12-11 22:27

Description

Original: Per [the Jenkins Wiki|https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy], Jenkins now sets a restrictive content security policy header that breaks the Gatling reports as no JavaScript is allowed to run on the pages. In our brief experimentation, we found it necessary to completely remove the header (Set {{-Dhudson.model.DirectoryBrowserSupport.CSP= }}) in order to restore functionality. At a minimum setting this needs to be documented for this plugin. Ideally if you can determine a less promiscuous CSP setting that could be set so that we don't have to totally disable CSP, that would be great.

New: Per [the Jenkins Wiki|https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy], Jenkins now sets a restrictive content security policy header that breaks the Gatling reports as no JavaScript is allowed to run on the pages. In our brief experimentation, we found it necessary to completely remove the header (Set -Dhudson.model.DirectoryBrowserSupport.CSP= ) in order to restore functionality. At a minimum setting this needs to be documented for this plugin. Ideally if you can determine a less promiscuous CSP setting that could be set so that we don't have to totally disable CSP, that would be great.

R. Tyler Croy made changes - 2016-07-25 23:52

Workflow

Original: JNJira [ 167513 ]

New: JNJira + In-Review [ 182769 ]

Cédric Cousseran made changes - 2017-04-12 12:50

Resolution		New: Fixed [ 1 ]
Status	Original: Open [ 1 ]	New: Resolved [ 5 ]