How to relax Jenkins security rules for Allure?

Question

I tried to add this in Jenkins Script Console, but it didn't help:

"-Dhudson.model.DirectoryBrowserSupport.CSP=default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';"

How to do this? Or what is wrong?

S.Spieker · Accepted Answer · 2016-10-19T15:00:06.133

6

You posted the start parameter for java. If you would like to test it inside the console try this:

System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';")

If you want to change the property for every start, you can add:

-Dhudson.model.DirectoryBrowserSupport.CSP="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';"

to your start parameter, so that it might look like:

java -Dhudson.model.DirectoryBrowserSupport.CSP="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';" -jar jenkins.war

If you need further informations, you can take a look at JENKINS Configuring Content Security Policy

edited Oct 19 '16 at 15:00

answered Feb 03 '16 at 15:43

S.Spieker

7,005
8
44
50

Thank you, [script-result](http://screencast.com/t/Dji5bOxcJBI). But allure report not opened again - [chrome](http://screencast.com/t/lrwW6epC74j) and [safari](http://screencast.com/t/r9vxouhR) – testableapple Feb 03 '16 at 16:01
I removed a parameter, can you try again? – S.Spieker Feb 03 '16 at 16:09
Hello S.Spieker Do you know how can I make the change permanently? – Nelson Raul Cabero Mendoza Oct 18 '16 at 14:01
@NelsonRaulCaberoMendoza I added the start paramter for enabling this permanently – S.Spieker Oct 19 '16 at 15:00
Thanks I am using jenkins running on tomcat and I am not sure in wich file I have to add that configuration – Nelson Raul Cabero Mendoza Oct 19 '16 at 15:06
Run the tomcatXw.exe (where X is the major version number of Tomcat you are running) program in Tomcat's bin directory to configure the parameters used for your Tomcat Windows Service. There are lots of things you can do in there including configure any -D-style system properties you want. – S.Spieker Oct 19 '16 at 15:28

score 0 · Answer 2 · answered Mar 09 '19 at 17:00

The following lines worked for me:

System.clearProperty("hudson.model.DirectoryBrowserSupport.CSP")
System.clearProperty("jenkins.model.DirectoryBrowserSupport.CSP")
System.setProperty("jenkins.model.DirectoryBrowserSupport.CSP", "sandbox allow-same-origin allow-scripts; default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; font-src 'self' data:")
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "sandbox allow-same-origin allow-scripts; default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; font-src 'self' data:")

How to relax Jenkins security rules for Allure?

2 Answers2