Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-41891

Serve static files from second domain as an alternative to setting CSP

    Details

    • Similar Issues:
    • Released As:
      jenkins-2.200

      Description

      Dealing with Content-Security-Policy is just too annoying, and there's too many plugins trying to just serve static files in Jenkins, often for no real reason.

      We need second domain support for static resources (DirectoryBrowserSupport) such that accessing that is possible without authentication, just with a token, and that token is used for linked resources as well.

        Attachments

          Issue Links

            Activity

            danielbeck Daniel Beck created issue -
            danielbeck Daniel Beck made changes -
            Field Original Value New Value
            Labels security
            danielbeck Daniel Beck made changes -
            Link This issue is related to SECURITY-328 [ SECURITY-328 ]
            danielbeck Daniel Beck made changes -
            Link This issue is related to SECURITY-664 [ SECURITY-664 ]
            danielbeck Daniel Beck made changes -
            Description Dealing with Content-Security-Policy is just too annoying, and there's too many plugins trying to just serve static files in Jenkins, often for no real reason.

            We need second domain support for static resources such that accessing that is possible without authentication, just with a token, and that token is used for linked resources as well.
            Dealing with Content-Security-Policy is just too annoying, and there's too many plugins trying to just serve static files in Jenkins, often for no real reason.

            We need second domain support for static resources (DirectoryBrowserSupport) such that accessing that is possible without authentication, just with a token, and that token is used for linked resources as well.
            jglick Jesse Glick made changes -
            Remote Link This issue links to "CloudBees-internal issue (Web Link)" [ 23609 ]
            jvz Matt Sicker made changes -
            Assignee Matt Sicker [ jvz ]
            danielbeck Daniel Beck made changes -
            Assignee Matt Sicker [ jvz ] Daniel Beck [ danielbeck ]
            danielbeck Daniel Beck made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            danielbeck Daniel Beck made changes -
            Status In Progress [ 3 ] In Review [ 10005 ]
            danielbeck Daniel Beck made changes -
            Remote Link This issue links to "PR 4239 (Web Link)" [ 23732 ]
            danielbeck Daniel Beck made changes -
            Status In Review [ 10005 ] Closed [ 6 ]
            Resolution Fixed [ 1 ]
            Released As jenkins-2.200
            jsoref Josh Soref made changes -
            Link This issue relates to JENKINS-59849 [ JENKINS-59849 ]
            jglick Jesse Glick made changes -
            Link This issue relates to JENKINS-59874 [ JENKINS-59874 ]

              People

              • Assignee:
                danielbeck Daniel Beck
                Reporter:
                danielbeck Daniel Beck
              • Votes:
                2 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: