-
Bug
-
Resolution: Unresolved
-
Minor
-
None
https://github.com/jenkinsci/htmlpublisher-plugin/pull/22 Enabled some level of basic CSP compatibility.
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09
https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy
Jenkins ver. 2.99;
Scoverage Plugin 1.3.3
The CSP that I get when I load reports has:
Content-Security-Policy:sandbox; default-src 'none'; img-src 'self'; style-src 'self';
Scoverage HTML Report
Refused to load the stylesheet 'https://cdnjs.cloudflare.com/ajax/libs/pure/0.3.0/pure-min.css' because it violates the following Content Security Policy directive: "style-src 'self'". Refused to frame ... because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.
(see also JENKINS-48764)