Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-33653

HTML Publisher artifact does not load js script

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Not A Defect
    • Component/s: htmlpublisher-plugin
    • Labels:
    • Environment:
      Jenkins Version 1.651
      HTML Publisher plugin: 1:11
      OS: Windows 7 64 bits
    • Similar Issues:

      Description

      Current Jenkins CSP settings:
      Result: sandbox; default-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';

      However, when trying to access some TestNG/ReportNG generated reports, the console shows the error message below. Basically I cannot expand a Java StackTrace, because this requires a small javascript to run. Hard to say if this is a plugin issue or jenkins issue..

      Refused to load the script 'http://

      {my.domain}

      :8080/job/Web%20check%20-%20PRODUCTION/115/HTMLReport/reportng.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline'".

        Attachments

          Activity

          Hide
          vicus Vasile Pop added a comment - - edited

          The results are
          _Result: sandbox; default-src 'self'; script-src 'unsafe-inline'
          Result: sandbox; default-src 'self'; script-src 'unsafe-inline'
          Result: null
          Result:
          Result:
          Result:
          Result: sandbox; default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';_

          Now the HTML report is a bit worse in CHROME, due to the error displayed below in JS console:

          suites.html:1 Blocked script execution in 'http://bftsieg002.ger.corp.intel.com:8080/job/Web%20tests%20-%20Full%20suite%20-%20Staging/142/HTML_Report/suites.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.

          The very weird thing is that it seems to work great in Firefox...

          Show
          vicus Vasile Pop added a comment - - edited The results are _Result: sandbox; default-src 'self'; script-src 'unsafe-inline' Result: sandbox; default-src 'self'; script-src 'unsafe-inline' Result: null Result: Result: Result: Result: sandbox; default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';_ Now the HTML report is a bit worse in CHROME, due to the error displayed below in JS console: suites.html:1 Blocked script execution in 'http://bftsieg002.ger.corp.intel.com:8080/job/Web%20tests%20-%20Full%20suite%20-%20Staging/142/HTML_Report/suites.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set. The very weird thing is that it seems to work great in Firefox...
          Hide
          danielbeck Daniel Beck added a comment -

          Firefox does not support the sandbox directive. Remove it to make it work in Chrome.

          Show
          danielbeck Daniel Beck added a comment - Firefox does not support the sandbox directive. Remove it to make it work in Chrome.
          Hide
          vicus Vasile Pop added a comment -

          For some reason,
          System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';")
          works fine now on Chrome as well, I do not see any JS console errors anymore. We can close the issue, most likely my configuration was not correct.

          Thanks for the help!

          Show
          vicus Vasile Pop added a comment - For some reason, System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';") works fine now on Chrome as well, I do not see any JS console errors anymore. We can close the issue, most likely my configuration was not correct. Thanks for the help!
          Hide
          danielbeck Daniel Beck added a comment - - edited

          Well, you removed the "sandbox" part

          because the document's frame is sandboxed and the 'allow-scripts' permission is not set.

          Show
          danielbeck Daniel Beck added a comment - - edited Well, you removed the "sandbox" part because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
          Hide
          danielbeck Daniel Beck added a comment -

          Configuration issue.

          Show
          danielbeck Daniel Beck added a comment - Configuration issue.

            People

            Assignee:
            r2b2_nz Richard Bywater
            Reporter:
            vicus Vasile Pop
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: