Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-41891

Serve static files from second domain as an alternative to setting CSP

    • Icon: New Feature New Feature
    • Resolution: Fixed
    • Icon: Major Major
    • core
    • jenkins-2.200

      Dealing with Content-Security-Policy is just too annoying, and there's too many plugins trying to just serve static files in Jenkins, often for no real reason.

      We need second domain support for static resources (DirectoryBrowserSupport) such that accessing that is possible without authentication, just with a token, and that token is used for linked resources as well.

          [JENKINS-41891] Serve static files from second domain as an alternative to setting CSP

          Daniel Beck created issue -
          Daniel Beck made changes -
          Labels New: security
          Daniel Beck made changes -
          Link New: This issue is related to SECURITY-328 [ SECURITY-328 ]
          Daniel Beck made changes -
          Link New: This issue is related to SECURITY-664 [ SECURITY-664 ]
          Daniel Beck made changes -
          Description Original: Dealing with Content-Security-Policy is just too annoying, and there's too many plugins trying to just serve static files in Jenkins, often for no real reason.

          We need second domain support for static resources such that accessing that is possible without authentication, just with a token, and that token is used for linked resources as well.
          New: Dealing with Content-Security-Policy is just too annoying, and there's too many plugins trying to just serve static files in Jenkins, often for no real reason.

          We need second domain support for static resources (DirectoryBrowserSupport) such that accessing that is possible without authentication, just with a token, and that token is used for linked resources as well.
          Jesse Glick made changes -
          Remote Link New: This issue links to "CloudBees-internal issue (Web Link)" [ 23609 ]
          Matt Sicker made changes -
          Assignee New: Matt Sicker [ jvz ]
          Daniel Beck made changes -
          Assignee Original: Matt Sicker [ jvz ] New: Daniel Beck [ danielbeck ]
          Daniel Beck made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Daniel Beck made changes -
          Status Original: In Progress [ 3 ] New: In Review [ 10005 ]
          Daniel Beck made changes -
          Remote Link New: This issue links to "PR 4239 (Web Link)" [ 23732 ]

            danielbeck Daniel Beck
            danielbeck Daniel Beck
            Votes:
            2 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved: