Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-41891

Serve static files from second domain as an alternative to setting CSP

    XMLWordPrintable

Details

    • jenkins-2.200

    Description

      Dealing with Content-Security-Policy is just too annoying, and there's too many plugins trying to just serve static files in Jenkins, often for no real reason.

      We need second domain support for static resources (DirectoryBrowserSupport) such that accessing that is possible without authentication, just with a token, and that token is used for linked resources as well.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-59849 Spaces don't work in resource root paths

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. JENKINS-59874 Support resource domain

          • Major - Major loss of function.
          • Open
          links to

          Web Link CloudBees-internal issue

          Web Link PR 4239

          Activity

            Ascending order - Click to sort in descending order
            danielbeck Daniel Beck created issue -
            danielbeck Daniel Beck made changes -
            Field Original Value New Value
            Labels security
            danielbeck Daniel Beck made changes -
            Link This issue is related to SECURITY-328 [ SECURITY-328 ]
            danielbeck Daniel Beck made changes -
            Link This issue is related to SECURITY-664 [ SECURITY-664 ]
            danielbeck Daniel Beck made changes -
            Description Dealing with Content-Security-Policy is just too annoying, and there's too many plugins trying to just serve static files in Jenkins, often for no real reason.

            We need second domain support for static resources such that accessing that is possible without authentication, just with a token, and that token is used for linked resources as well.             		Dealing with Content-Security-Policy is just too annoying, and there's too many plugins trying to just serve static files in Jenkins, often for no real reason.

            We need second domain support for static resources (DirectoryBrowserSupport) such that accessing that is possible without authentication, just with a token, and that token is used for linked resources as well.
            jglick Jesse Glick made changes -
            Remote Link This issue links to "CloudBees-internal issue (Web Link)" [ 23609 ]
            jvz Matt Sicker made changes -
            Assignee Matt Sicker [ jvz ]
            danielbeck Daniel Beck made changes -
            Assignee Matt Sicker [ jvz ] Daniel Beck [ danielbeck ]
            danielbeck Daniel Beck made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            danielbeck Daniel Beck made changes -
            Status In Progress [ 3 ] In Review [ 10005 ]
            danielbeck Daniel Beck made changes -
            Remote Link This issue links to "PR 4239 (Web Link)" [ 23732 ]
            danielbeck Daniel Beck made changes -
            Released As jenkins-2.200
            Resolution Fixed [ 1 ]
            Status In Review [ 10005 ] Closed [ 6 ]
            jsoref Josh Soref made changes -
            Link This issue relates to JENKINS-59849 [ JENKINS-59849 ]
            jglick Jesse Glick made changes -
            Link This issue relates to JENKINS-59874 [ JENKINS-59874 ]

            People

              danielbeck Daniel Beck
              danielbeck Daniel Beck
              Votes:
              2 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: