Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-39123

Fix the HTML Report security problem in Jenkins plugin

    Details

    • Similar Issues:

      Description

      current Jenkins version cannot display the HTML report because of Content Security Policy.

      https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy

      The policy bans JS, CSS, etc, affecting a lot of report plugin. Currently the workaround is to disable this Content Security Policy in Jenkins script console by executing this script:
      System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "")

      The Jenkins script console can be accessed from the "manage Jenkins" link, typically at your http://server/jenkins/script.
      You can see the https://wiki.jenkins-ci.org/display/JENKINS/Jenkins%20Script%20Console for details about Jenkins script console.

      About the issue -
      It’s due to use of Iframes, Inline JS, inline CSS and other minor issues that lead to our reports being blocked on Jenkins.

      Current solution (workaround for LR and UFT) –
      published on the plugin page on jenkins.io - https://wiki.jenkins-ci.org/display/JENKINS/HP+Application+Automation+Tools#HPApplicationAutomationTools-ContentSecurityPolicyHeader

      Long term solution –
      • on LR side were working on two solutions –
      1. Planned new LR report for 14.00.
      2. New JS reporting engine to present a jenkins made report for LR.
      • On overall plugin side – no overall solution is possible due to difference in reports.

        Attachments

          Activity

          Hide
          xiwenhpe xiwen zhao added a comment -

          currently we do not have any plan to improve this issue because users can set security policy to avoid this problem.

          Jenkins banned js for security reason, the entire UFT html report was based on js, we are not able to remove js from UFT report.

          i will mark this issue as closed, for further concerns please reopen the issue and leave a comment. Thanks.

          Show
          xiwenhpe xiwen zhao added a comment - currently we do not have any plan to improve this issue because users can set security policy to avoid this problem. Jenkins banned js for security reason, the entire UFT html report was based on js, we are not able to remove js from UFT report. i will mark this issue as closed, for further concerns please reopen the issue and leave a comment. Thanks.
          Hide
          xiwenhpe xiwen zhao added a comment -

          mark as closed

          Show
          xiwenhpe xiwen zhao added a comment - mark as closed

            People

            • Assignee:
              xiwenhpe xiwen zhao
              Reporter:
              xiwenhpe xiwen zhao
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: