Same issue for me.

Same thing here

On my chrome, 47.0.2526.106 m, the same bug

The bug appeared after I updated version jenkins from 1.616 to 1.625.3

This is likely a result of the security content in Jenkins 1.625.3 and 1.641:

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09
https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy

Has suggested by the links provided, I was able to get around the issue by adding:
java -Dhudson.model.DirectoryBrowserSupport.CSP= -jar jenkins.war

In my service startup file.

Same issue from Jenkins ver. 1.643.

This is a duplicate of JENKINS-32077.

Resolved the other issue and referred users back to this one.

Same thing here, and -Dhudson.model.DirectoryBrowserSupport.CSP= temporary solve the problem

In my case this helped:

I added

-Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-scripts allow-same-origin; default-src 'none'; img-src 'self' data: ; style-src 'self' 'unsafe-inline' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ;\"

to $JENKINS_JAVA_OPTIONS.

JFYI, this is not a proper solution, just a workaround. It weakens a security feature called Content Security Policy. You need to be sure that disabling it is suitable for you.

Thank you selurvedu, your work around works for me. But I always get nervous disabling security features, even for private sites behind a firewall. Is there a better long term solution for this issues, will the robot framework people need to be involved?

same issue, any updates on this? I am using Ubuntu
SMP Tue Oct 28 13:30:27 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
Jenkins 2.0

For resolve your problem you must :

Connect on your jenkins url (http://[IP]:8080/)
Click on administer Jenkins
Click on consol jenkins
Copy this into the field and execute :
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP","sandbox allow-scripts; default-src 'none'; img-src 'self' data: ; style-src 'self' 'unsafe-inline' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ;")

tarik_remous As this undermines an important security feature, it cannot be more than a short to medium term workaround until the plugin is adapted in some way to handle it. Please reconsider your stance.

I just updated my answer, in essence, I added allow-same-origin after sandbox allow-scripts. That is needed to make report.html work properly in Chromium-based browsers (no test cases were shown in report.html). I think this should be in tarik_remous's answer as well.

FWIW, Safari has the same issue. Another workaround is using wget or curl to grab the file onto another server, and view the log.html files there.

This issue is impacting the OpenDaylight project, from what I see here the proposed solutions are temporary workarounds that btw did not work in our environment. So any plan to fix this in the robot-plugin code?

Same problem, is there a way to back off from this version? This breaks my org's excitement over Jenkins and Robot

To workaround in firefox:
Go to page about:config
Set security.csp.enable = false

For chrome we can use this plugin: Disable Content-Security-Policy

tarik_remous FYI I have a work in progress library plugin that has already been incorporated in Cucumber Reports Plugin to make it work. You may be able to adapt that approach for your plugin.

https://github.com/daniel-beck/jenkins-checksum-archive-demo-plugin
https://github.com/jenkinsci/cucumber-reports-plugin/pull/66

While archiving HTML reports and serving them verbatim is still (and will remain) a flawed approach for Jenkins, this is at least an improvement over the current implementation (with CSP having to be disabled on the Jenkins side).

Hi everyone, any solution on this problem? Thanks

Opening Robot Framework log failed

Verify that you have JavaScript enabled in your browser.
Make sure you are using a modern enough browser. Firefox 3.5, IE 8, or equivalent is required, newer browsers are recommended.
Check are there messages in your browser's JavaScript error log. Please report the problem if you suspect you have encountered a bug.

edsherwin

To workaround in firefox:
Go to page about:config
Set security.csp.enable = false

For chrome we can use this plugin: Disable Content-Security-Policy

gurpreet2958

This works for me. Thanks a lot.

A more universal workaround is described [here](http://stackoverflow.com/a/36996036/451962).

To fix this error add below entry to Jenkins configuration file (jenkins.xml):
-Dhudson.model.DirectoryBrowserSupport.CSP=
and restart Jenkins (with http://(jenkins_url)/safeRestart).

I've been using SCP plugin to publish the resulting log.html out to a directory I can grab it from. Sort of a way of dealing with this. However it would be extremely nice to be able to have this working without a work around. Is there any update on this?

vipsaran

Hi Robert,

Can you please elaborate where to find the jenkins.xml file?:)Cannot find it.

Thanks

xiaoyiw

%JENKINS_HOME%\jenkins.xml

 <arguments>-Xrs -Xmx512m -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle -Dhudson.model.DirectoryBrowserSupport.CSP= -jar "%BASE%\jenkins.war" --httpPort=8080</arguments>

Thanks for replying cjuroz, this seems to be the method for Windows based Jenkins I guess, since I cannot find the jenkins.xml file any where. I'm using Ubuntu based Jenkins. I found the solution here: http://askubuntu.com/questions/770526/configure-jenkins-csp-for-ubuntu-service

Thanks for telling us xiaoyiw

I have the same problem, hope to fix it soon. Now I execute the command System.setProperty("hudson.model.DirectoryBrowserSupport.CSP","sandbox allow-scripts; default-src 'none'; img-src 'self' data: ; style-src 'self' 'unsafe-inline' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ;")  to solve it. 

changming1988 you will need to execute that command every time Jenkins restarts.  To have Jenkins automatically apply this, get your Jenkins administrator to add a disable_content_security_policy.groovy file under ${JENKINS_HOME}/init.groovy.d with contents similar to the following:

https://github.com/bkhouri/jenkins_support/blob/master/init.groovy.d/disable_content_security_policy.groovy

Can we mark this JIRA as critical as having to circumvent Jenkins CSP is not ideal.

Possbile solution to study used in Cucumber-plugin:

https://github.com/jenkinsci/cucumber-reports-plugin/pull/66/files

Still facing the issue in Jenkins ver. 2.107.2 for opening report.html of Robot framework.
Log.html file is coming after workaround suggested, but report.html still displays the same error

subodh2691 the workaround does work, though. I'd suggest you double check have you employed it correctly.

Yeah it worked. There was a caching issue which was resolved later. I will mark this closed

Should not have been closed to begin with

subodh2691 This is not your issue, why on earth do you think you can close it?!

does anybody have permanent solution for this? I can able to resolve this as temporary by adding following in the script console in manage Jenkins System.setProperty("hudson.model.DirectoryBrowserSupport.CSP","sandbox allow-scripts; default-src 'none'; img-src 'self' data: ; style-src 'self' 'unsafe-inline' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ;") but every time Jenkins server restart changes disappeared. any permanent solution for this?

My team gave up on doing the work around. We just shuffle the robot logs off to a different storage static web host, along with a lot of logs that Jenkins doesn't capture for us anyway.

dinesh18 Since Jenkins 2.200, it has encouraged the use of a Resource Root URL to show external resources (such as Robot Framework log.html). I've updated the plugin documentation, which has a link to Configuring content security policy.

Since the ticket is about adding documentation, I'm closing this as done.