Automatically allow GitLab project URLs in Jenkins 2.539+ CSP

    • Type: Improvement
    • Resolution: Unresolved
    • Priority: Minor
    • Component/s: gitlab-logo-plugin
    • Environment:
      Jenkins 2.539+

https://www.jenkins.io/changelog/2.539/ allows protecting the classic Jenkins UI with Content Security Policy.

The default rule set prohibits loading images from other domains.

The plugin should be improved to allow loading these images.

Docs: https://www.jenkins.io/doc/developer/security/csp/#resources-loaded-from-other-domains

(There's also AvatarContributor#allow as an easy core API to call, but it will allow the entire domain.)

I'd be happy to propose a fix, but I lack a test environment to confirm my PR would work.

            Assignee:
            Unassigned
            Reporter:
            Daniel Beck