-
Bug
-
Resolution: Won't Fix
-
Major
-
None
I have a script that does web actions in a web application after opening a chrome browser. I used ScreenCap library to record the script execution. When opening the logs in the machine where the script has executed then able to view the video in log and it's getting played. However, when opening the logs in Jenkins after the execution and publishing results using RobotFramework plugin video is not playing.
Blank space is displaying in log.html after opening it in the browser.
Video template with duration zero is displaying while clicking the empty space in the log.html
If I download the results as a zip from Jenkins and open the log.html from the downloads then able to view video and it is playing
[JENKINS-63503] RobotFramework Plugin - Videos created through ScreenCap Library are not getting played after publishing results in Jenkins
Thank you so much aleksisimell for letting me know the reason for the issue. I opened the log file by setting the property you mentioned from the Script Console and it worked fine.
We need to set this property even for opening the log file, but we get an error Robot Framework log cannot be opened you need to enable javascript when we don't set this property. Here it didn't display an error which made confusion to know what the issue is.
It would be good if we get a solution without compromising on security.
Karthikeya Raja
added a comment - - edited Thank you so much aleksisimell for letting me know the reason for the issue. I opened the log file by setting the property you mentioned from the Script Console and it worked fine.
We need to set this property even for opening the log file, but we get an error Robot Framework log cannot be opened you need to enable javascript when we don't set this property. Here it didn't display an error which made confusion to know what the issue is.
It would be good if we get a solution without compromising on security. karthikeya_raja This same issue has been discussed on several occasions, for example
- https://issues.jenkins-ci.org/browse/JENKINS-32118
- https://issues.jenkins-ci.org/browse/JENKINS-38338
- https://issues.jenkins-ci.org/browse/JENKINS-62027
- https://issues.jenkins-ci.org/browse/JENKINS-32077
The big issue here is that this is something Robot Framework does on its own and it violates Jenkins' security standards. Opening the log files and images can be turned on via workarounds (i.e. setting the CSP header as I mentioned earlier). Not really a fan of explicitly opening vulnerabilities into anyone's Jenkins instance by having the plugin bypass security. This is why we haven't made a "final" solution for this as it's the user's (admin's) responsibility to accept the potential security issues they want to bring in to their Jenkins instance.
I will update the plugin documentation to explain how to implement this workaround.
Karthikeya Raja
added a comment - Thank you aleksisimell Karthikeya Raja
added a comment - Hey aleksisimell - Did you check what we need to set for media-src values instead of setting empty for CSP as it violates securities. Thank you...!
Karthikeya Raja
added a comment - Hey aleksisimell - Did you check what we need to set for media-src values instead of setting empty for CSP as it violates securities. Thank you...! 
karthikeya_raja Hi, this issue is due to Jenkins' CSP settings. By default, they don't really allow anything to be shown. By setting System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "") in your instance's script console, you can disable all CSP settings and the videos will start working. However, this is highly discouraged as explained here. Instead, you should consider setting up a resource root URL, to redirect your Jenkins to display reports without having to compromise your Jenkins security.
If that doesn't work, you can try to relax your Jenkins CSP settings slightly with the help of Content Security Policy reference. I still haven't found the correct premission sets to allow videos to be displayed in Jenkins, but I believe it's based on the media-src permission values.