0

Publishing Extent Reports in Jenkins using HTML Published Plugin, the results do not display in a proper format.

To resolve this issue, running this command in the Script Console, it started working fine:

System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';")

Once Jenkins is restarted, the same issue happened. In this case, I have to use this code each time. Please guide me on how can I set up the code permanently.

jkdev
  • 11,360
  • 15
  • 54
  • 77
Usman Kokab
  • 143
  • 2
  • 5
  • it would add clarity if you included Jenkins version, plugin version and, based on the flag, some succinctness (ie: to the point). I believe the edit is concise enough and my response gives you options. – Ian W Aug 10 '19 at 06:41

1 Answers1

2

When you run such commands in the script console they only affect the running session and will be lost on a restart reverting to the stored settings /configuration.

There are various options available to you make them "permanent", depending on how you launch your Jenkins and what's most convenient to you.

This post describes setting them as JENKINS_JAVA_OPTIONS in the jenkins script.

You can pass them in as command line options in the java launch command as shown in the top of the Features controlled by system properties (Make sure to pass all of these arguments before the -jar argument, otherwise they will be ignored).

You can use a groovy Post-initialization script. in ${JENKINS_HOME}/init.groovy or a file in ${JENKINS_HOME}/init.groovy.d/*.groovy

You should bear in mind, changing the CSP settings potentially exposes your Jenkins instance to external risks - READ UP. While the Jenkins code has been recently strengthened to make it more secure, there's a lot of exposure left, especially in the myriad of plugins out there. You should only allow the minimum amount needed to get the plugin working.

It would be nice if the various plugin providers detailed exactly what must be allowed to have their plugin working properly and still keep Jenkins as secure as possible. Consider raising a ticket at http://issues.jenkins-ci.org/ against the plugin in question.

Ian W
  • 4,559
  • 2
  • 18
  • 37
  • Thank you @Ian W, your options guided me to the appropriate solution. What I did to solve it is that I put -Dhudson.model.DirectoryBrowserSupport.CSP= in jenkins.xml file under argument tag. This code should be before -jar, otherwise, it can be ignored. Now on a restart, I do not have to run any code again and again. – Usman Kokab Aug 14 '19 at 11:51
  • @usman-kokab, I would strongly urge you to review my links on CSP and security. You have essentially disabled the security protections Jenkins introduced (for good reason) back in 1.625.3. you should only allow the minimum settings necessary for tbe plugin to work. – Ian W Aug 15 '19 at 10:46
  • I am showing failed test screenshots in extent reports using HTML Publisher Plugin, everything working fine now, but the screenshot is not showing properly. It is only showing thumbnail, no image preview is viewable. Can you give a solution for this as well? Thanks in advance! – Usman Kokab Aug 15 '19 at 18:03