Jenkins Version = 2.346.3
HTML Publisher Version = 1.31
Had an issue with an HTML page that contains a hyperlink to another website on the same domain as the Jenkins controller. The hyperlink would not load the page. I updated the Jenkins default-src to include all websites on our domain (Example: default-src '*.my.domain.com'). After making the setting change to the CSP header in Jenkins, I expected the web page link to work, but it is still being blocked even after I tried to reload the page. Not sure why this isn't working. Note that if I open the html page directly via the artifacts html file, the links work as expected.
Current CSP setting from System.getProperty("hudson.model.DirectoryBrowserSupport.CSP") is as follows:
Result: sandbox; default-src '*.my.domain.com'; img-src 'self'; style-src 'self' 'unsafe-inline';