Skip to content

Instantly share code, notes, and snippets.

@serbaniuliuscezar
serbaniuliuscezar / jenkins_csp.md
Last active March 28, 2018 09:22 — forked from sofaking/jenkins_csp.md
How to relax default Content Security Policy for Jenkins

By default Content Security Policy (CSP) in Jenkins does not allow Cucumber HTML reports to be shown correctly, with styles, embedded images and JS. To fix that one need to relax CSP rules.

In my case, Jenkins is hosted on Ubuntu, so config file is here: /etc/default/jenkins.
CSP settings should be passed via JAVA_ARGS. Just add the following next to your current JAVA_ARGS settings and then restart Jenkins.

JAVA_ARGS="$JAVA_ARGS -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-scripts; default-src 'unsafe-inline'; img-src *\""

To be fair, img-src * shouldn't be necessary, because obviously I'm hosting embedded images next to report itself.
But for some reason img-src 'self' didn't work for me. At least for Safari.

set_list1 = set(tuple(sorted(d.items())) for d in all_info[0])
set_list2 = set(tuple(sorted(d.items())) for d in all_info[1])
set_overlap = set_list1.intersection(set_list2)
for tuple_element in set_overlap:
test.append(dict((x, y) for x, y in tuple_element))
set_difference = set_list1.difference(set_list2)
for tuple_element in set_difference:
test2.append(dict((x, y) for x, y in tuple_element))
# Run as a less privileged user for security reasons.
user www-data;
worker_processes auto;
pid /tmp/.nginx/nginx.pid;
events {
# Optimized to serve many clients with each thread, essential for Linux
use epoll;
-- Debian packages nginx-extras, lua-zlib required
ngx.ctx.max_chunk_size = tonumber(ngx.var.max_chunk_size)
ngx.ctx.max_body_size = tonumber(ngx.var.max_body_size)
function create_error_response (code, description)
local message = string.format('{"status":400,"statusReason":"Bad Request","code":%d,"exception":"","description":"%s","message":"HTTP 400 Bad Request"}', code, description)
ngx.status = ngx.HTTP_BAD_REQUEST
ngx.header.content_type = "application/json"
ngx.say(message)
local resp_body = string.sub(ngx.arg[1], 1, 1000)
ngx.ctx.buffered = (ngx.ctx.buffered or "") .. resp_body
if ngx.arg[2] then
ngx.var.resp_body = ngx.ctx.buffered
end
val ansiColorPluginVersion: String = "0.6.2"
val jenkinsCoreVersion: String = "2.231"
val jobDslVersion: String = "1.77"
val implementation by configurations
val testImplementation by configurations
plugins {
id("java-library")
id("java")