Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-48774

Scoverage Plugin should include additional CSP bits so that it works

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • scoverage-plugin
    • None

      https://github.com/jenkinsci/htmlpublisher-plugin/pull/22 Enabled some level of basic CSP compatibility.

      https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09
      https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy

      Jenkins ver. 2.99;
      Scoverage Plugin 1.3.3

      The CSP that I get when I load reports has:

      Content-Security-Policy:sandbox; default-src 'none'; img-src 'self'; style-src 'self';

       
      Scoverage HTML Report

      Refused to load the stylesheet 'https://cdnjs.cloudflare.com/ajax/libs/pure/0.3.0/pure-min.css' because it violates the following Content Security Policy directive: "style-src 'self'".
Refused to frame ... because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.

      (see also JENKINS-48764)

       

            Unassigned Unassigned
            jsoref Josh Soref
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: