Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 12 Next »

Modify Content Security Policy

Ref: https://content-security-policy.com/  and  https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy

Jenkins URL (Azure VM) : https://build-hee.transformcloud.net/jenkins/script

System.setProperty(hudson.model.DirectoryBrowserSupport.class.getName() + ".CSP", "script-src 'unsafe-inline' 'self';")
System.setProperty("jenkins.model.DirectoryBrowserSupport.CSP", "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';")

To persist the security changes the following command can be executed from the command line :

$ java -Dhudson.model.DirectoryBrowserSupport.CSP="sandbox allow-scripts; default-src 'self'; script-src * 'unsafe-eval'; img-src *; style-src * 'unsafe-inline'; font-src *" -jar jenkins.war

NOTE : The web browser refresh does not always reload the page with the new relaxed rules due to caching.  To ensure this doesn't happen it's advised to restart your browser.

If this needs to be reset to default (more secure) the run the following command : 

System.clearProperty("hudson.model.DirectoryBrowserSupport.CSP")





  • No labels

Slack: https://hee-nhs-tis.slack.com/
Jira issues: https://hee-tis.atlassian.net/issues/?filter=14213