Security tweak required for BDD error report image display on Jenkins 2.7.2
Ref: https://content-security-policy.com/ and https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy
Jenkins URL (Azure VM) : https://build-hee.transformcloud.net/jenkins/script
System.setProperty(hudson.model.DirectoryBrowserSupport.class.getName() + ".CSP", "script-src 'unsafe-inline' 'self';") System.setProperty("jenkins.model.DirectoryBrowserSupport.CSP", "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';")
To persist the security changes the following command can be executed from the command line :
$ java -Dhudson.model.DirectoryBrowserSupport.CSP="sandbox allow-scripts; default-src 'self'; script-src * 'unsafe-eval'; img-src *; style-src * 'unsafe-inline'; font-src *" -jar jenkins.war
NOTE : The web browser refresh does not always reload the page with the new relaxed rules due to caching. To ensure this doesn't happen it's advised to restart your browser.
If this needs to be reset to default (more secure) the run the following command :
System.clearProperty("hudson.model.DirectoryBrowserSupport.CSP")
Add Comment