Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-32296

Jenkins global security configuration page should provide option to configure the new "Content Security Policy"

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Won't Do
    • Icon: Major Major
    • core
    • None
    • Jenkins 1.643 (with integrated webserver)

      Filing this issue after discussion with danielbeck about JENKINS-32277.

      I appreciate the efforts to make Jenkins secure out of the box. But as Daniel pointed out already in his analysis in JENKINS-32026:

      Good point. Unfortunately, while many, possibly most, Jenkins installations may not need this protection because it's not a threat to them...

      , the new CSP policy is relevant only for a minority of the Jenkins installations and breaks functionality which worked for years before.

      When I was searching for a workaround when discovered JENKINS-32277, one of the first things I made was looking for an option inside Jenkins Global Security options page. Unfortunately, the option to configure CSP is only available as System Property which is neither obvious nor user friendly. I required to contact the IT department such that they change the Jenkins startup parameters inside the Jenkins.xml file...

      Therefore I assume that having that option in the Jenkins Global Security Options page would help a lot.

            danielbeck Daniel Beck
            schlegel_m Markus Schlegel
            Votes:
            3 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: