I have a Jenkins job, where I generate an HTML-Page as a post buildstep, containing an image link ( HTML img tag). This HTML page is published by the HTMLPublisher Plugin for each job.
This has always worked great. But since I have updated Jenkins to v. 1.643, I only see a blank page when I click the published HTML page.
I've tried out a lot of things and found out the following strange behaviour:
Since the update, I cannot embed external links into the HTML-pages I publish.
If I embed an image from an external location (img src="somelocation/xxx.jpg), the image won't be displayed.
If I examine the HTML page with Firefox, I can see that the image tag is greyed out like it was invisible, but it is not.
If I embed a normal hyperlink, pointing to an external location, I can see the link in the displayed page, but when I click on it, nothing happens.
It is like Jenkins would not permit external links in this context.
Please help me out here :)
Thank you!
Edit:
Thanks to Dave Bacher, he gave me the right hint.
Look at this page to see Jenkins' new security policy.
https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy#ConfiguringContentSecurityPolicy-Implementation
You have to relax the rules, so that embedding external images is allowed again.
For testing it, just type the following in your script console:
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "sandbox; img-src *;")
This will allow embedding images from any external website.
If you run Jenkins on Ubuntu and you want to set this permanently, just edit the file /etc/default/jenkins. Under # arguments to pass to java add the following line:
JAVA_ARGS="-Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox; img-src *;\""
The issue you're seeing is likely related to recent security fixes. See the Configuring Content Security Policy wiki page for details on how to relax the Jenkins configuration.
The CSP header sent by Jenkins can be modified by setting the system property hudson.model.DirectoryBrowserSupport.CSP:
If its value is the empty string, e.g. java -Dhudson.model.DirectoryBrowserSupport.CSP= -jar jenkins.war then the header will not be sent at all.
(Warning!) This is potentially very unsafe and should only be used after reviewing the overall security setup.
You can experiment with different settings using the Jenkins Script Console.
Also as the wiki page notes, make sure you've upgraded to HTML Publisher 1.10 (or later).
I know the original question was for Linux, but this will also help out the Windows users... If you have Jenkins installed as a service (starting from Jenkins.exe) you will need to change the arguments in jenkins.xml for that property to persist.
If you are going to use the unsafe blank option remember to put the parameter in quotes. Below is my example line from jenkins.xml:
<arguments>-Xrs -Xmx1048m -XX:MaxPermSize=512m -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle "-Dhudson.model.DirectoryBrowserSupport.CSP= " -jar "%BASE%\jenkins.war" --httpPort=8080</arguments>
If you are using Red Hat then update JENKINS_JAVA_OPTIONS
Related
I have installed Alfresco using docker images as explained in this Angel Borrow's github repos. All goes fine.
But some translation key are not processed. On this image you can see that the translation key "LOGIN.LABEL.USERNAME" is not replaced by it' value.
There are several other issues like that on some popups in ADW (Alfresco Digital Workspace) app.
What is the best way to fix that?
PS : The same localization issues also exist on alfresco cloud.
The first think to check is if you have an adBlock extension activated on your browser page, if it's the case, disable adblock for Alfresco digitale workspace and reload.
You can debug error by using developer tools on your browser (F12)
in network you can see errors related to labels blocked and have more details.
O.
I am generating reports using protractor-multiple-cucumber-html-reporter-plugin in my local system and it is perfectly working.But when i am running this protractor script using Jenkins, I am not able to generate same report there using HTML Publisher plugin.The generated report looks like a broken one.Its not displaying the images and not navigating when clicking on links.I am using Chrome version of 75, Java with jdk1.8.0_201, Jenkins of version 2.263.4 and Html plugin of version 1.25.I have tried below code, but none of them worked for me.
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "")
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "*");
i am able to disabled the protection.But still report is not fully loading for me.
The actual report is look like
But in Jenkins, after disabling the protection,it look like
Can anyone help me? Thanks in Advance.
Try to install this plugin https://chrome.google.com/webstore/detail/disable-content-security/ieelmcmcagommplceebfedjlakkhpden?hl=en
Make sure to enable it after you're on the report page, and then reload the page. If this works, I'll explain what happened and what else you can do to permanently fix it
We need to add all files(css,js etc) while configuring the HTML publisher plugin, as like below
or else we need to keep the 'include files' field as empty. so that it will take all associate files. And then we need to disable the protection by
this link
so that we will get actual report.
How can I change the title in the Jenkins start page:
http://jenkinsserver.domain.whatever:9090/
As I see, the title is already in German with some special UTF-8 chars and this one makes trouble using selenium in the background to control Jenkins. I am quite sure the value is set somewhere - but where?
Jenkins runs on a Windows server.
You can just install the Simple Theme Plugin and then in Manage Jenkins > Configure System > Theme, point the URL of theme JS field to a .js file containing at minimum something like:
document.title = "Wathever title you prefer";
Save and reload the page.
It worked for me..
Jenkins is using the browser locale language settings, change that. Please also better specify the question, what do you mean by title? Local domain address? If so, this can be done in settings -> "Jenkins URL".
Is there any setting I can change in Jenkins to make /consoleText the default page for console outputs? Right now, I have to click on console, and then click on the View as plain text link to get this page.
PS: I'm open to "hack" suggestions, if there's no way to officially do this in Jenkins.
Edit: While I'd be perfectly happy with just making /consoleText as the default page, what would be even better would be to replace the View as plain text link with a View dynamic log link, so that I can access the console link too, in case I need it.
You can try the Sidebar-Link Plugin which will give you the ability to add side links on various Jenkins pages like the build, top level, etc.
I want to insert some script into every page, which have some functions that will be called by the modified HTML of that page, using a Firefox extension. I am able to insert the JavaScript into the head of the HTML, and also modify the page, but the java script functions are not called by the onmouseover event.
Does someone has any pointer on how to do that, using java script in local extension or as a online resource.
No GreaseMonkey, I need to do it with my plugin and not ask user to install greasemonkey, my plugin and the scripts.
Greasemonkey does this. It's excellent!
Make a Greasemonkey script. See Userscripts.org for lots of example ones to work off.
Why not use Greasemonkey? It allows you to execute javascript on any page on Firefox, and if executing the code you enter isn't good enough you could dynamically add links to the head, too.
you can modify the DOM using Firebug. I am not sure if you can load files locally.. sounds malicious. Also, you can just run arbitrary javascript commands in the Firebug console (a la python/ruby console)
There are some Greasemonkey-to-extension "compilers" (or extension-wrappers) out there:
Arantius's GM compiler
Gina Trapani's multiple-GM-script compiler
I've used the first one with extensive internal tweaking over time. However, I don't believe the compiler is actively maintained (default max-version is only 3.0), so may not be up-to-date with the latest GreaseMonkey, or FireFox.
I think Gina Trapani's is more designed for multiple scripts targetting the same domain, but I haven't used it.
Neither of these is a "GreaseMonkey solution" per se, as the end-user never has to install GreaseMonkey. They get a real-live FireFox extension. The core is very similar to GM, but you can change or add as much as you like.