Dealing with Content-Security-Policy is just too annoying, and there's too many plugins trying to just serve static files in Jenkins, often for no real reason.
We need second domain support for static resources (DirectoryBrowserSupport) such that accessing that is possible without authentication, just with a token, and that token is used for linked resources as well.
- relates to
-
JENKINS-59849 Spaces don't work in resource root paths
-
- Closed
-
-
JENKINS-59874 Support resource domain
-
- Open
-
- links to
[JENKINS-41891] Serve static files from second domain as an alternative to setting CSP
Labels | New: security |
Link | New: This issue is related to SECURITY-328 [ SECURITY-328 ] |
Link | New: This issue is related to SECURITY-664 [ SECURITY-664 ] |
Description |
Original:
Dealing with Content-Security-Policy is just too annoying, and there's too many plugins trying to just serve static files in Jenkins, often for no real reason. We need second domain support for static resources such that accessing that is possible without authentication, just with a token, and that token is used for linked resources as well. |
New:
Dealing with Content-Security-Policy is just too annoying, and there's too many plugins trying to just serve static files in Jenkins, often for no real reason. We need second domain support for static resources (DirectoryBrowserSupport) such that accessing that is possible without authentication, just with a token, and that token is used for linked resources as well. |
Remote Link | New: This issue links to "CloudBees-internal issue (Web Link)" [ 23609 ] |
Assignee | New: Matt Sicker [ jvz ] |
Assignee | Original: Matt Sicker [ jvz ] | New: Daniel Beck [ danielbeck ] |
Status | Original: Open [ 1 ] | New: In Progress [ 3 ] |
Status | Original: In Progress [ 3 ] | New: In Review [ 10005 ] |
Remote Link | New: This issue links to "PR 4239 (Web Link)" [ 23732 ] |