publish html plugin: violates the following Content Security Policy directive

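Hello, I am using Jenkins, and I generate a report at the end of my automation run. After the run, Jenkins publishes the HTML directory to my job folder so that I can see the current log report, but I get some errors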

ExtentScreenshot.html:1 The source list for Content Security Policy directive 'script-src' contains an invalid source: ''allow-scripts''. It will be ignored.

ExtentScreenshot.html:22 Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' ".

ExtentScreenshot.html:23 Refused to load the stylesheet 'https://cdn.rawgit.com/anshooarora/extentreports/45123d736a03aca0abc5c4fcf1e746fef49736fd/cdn/extent.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' ".

ExtentScreenshot.html:1 Refused to load the script 'https://cdn.rawgit.com/anshooarora/extentreports/6032d73243ba4fe4fb8769eb9c315d4fdf16fe68/cdn/extent.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'allow-scripts'".

ExtentScreenshot.html:695 Uncaught ReferenceError: $ is not defined at ExtentScreenshot.html:695

ExtentScreenshot.html:699 Uncaught ReferenceError: $ is not defined at ExtentScreenshot.html:699

ExtentScreenshot.html:1 Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' ".

ExtentScreenshot.html:1 Refused to load the stylesheet 'https://cdn.rawgit.com/anshooarora/extentreports/45123d736a03aca0abc5c4fcf1e746fef49736fd/cdn/extent.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' ".

Because I use other reports in my Jenkins, I had to change this line in the jenkins.xml file

-Xrs -Xmx1048m -XX:MaxPermSize=512m -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle "-Dhudson.model.DirectoryBrowserSupport.CSP= img-src 'self'; style-src 'self' 'unsafe-inline' ;script-src 'self' 'unsafe-inline' 'allow-scripts' " -jar "%BASE%\jenkins.war" --httpPort=2020 --webroot="%BASE%\war" --accessLoggerClassName=winstone.accesslog.SimpleAccessLogger --simpleAccessLogger.format=combined --simpleAccessLogger.file="%BASE%/logs/access.log"

What should the configuration in Jenkins be so that I can view the report?

You can disable CSP completely by setting Dhudson.model.DirectoryBrowserSupport.CSP= to an empty string.
See Configuring Content Security Policy, CSP directives

If you have just updated HTML Publisher, run this script in the Jenkins console.

System.clearProperty("hudson.model.DirectoryBrowserSupport.CSP");

System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "sandbox allow-scripts; default-src 'self'; script-src * 'unsafe-eval'; img-src *; style-src * 'unsafe-inline'; font-src *");
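
An added example, not part of the question or of either answer above: a Python sketch that takes the policy and console messages from the question and builds a narrower alternative to disabling CSP or allowing "*". It moves the misplaced 'allow-scripts' token into a sandbox directive (an assumption about what the asker intended) and adds only the blocked locations as sources; the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Policy value and console messages copied from the question on this page.
POLICY = "img-src 'self'; style-src 'self' 'unsafe-inline' ;script-src 'self' 'unsafe-inline' 'allow-scripts' "
CONSOLE = """\
Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' ".
Refused to load the stylesheet 'https://cdn.rawgit.com/anshooarora/extentreports/45123d736a03aca0abc5c4fcf1e746fef49736fd/cdn/extent.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' ".
Refused to load the script 'https://cdn.rawgit.com/anshooarora/extentreports/6032d73243ba4fe4fb8769eb9c315d4fdf16fe68/cdn/extent.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'allow-scripts'".
"""
# Sandbox flags are valid only in the sandbox directive, never as a source.
SANDBOX_FLAGS = {"allow-scripts", "allow-forms", "allow-same-origin",
                 "allow-popups", "allow-modals", "allow-top-navigation"}
REFUSED = re.compile(r"Refused to load the \w+ '([^']+)' because it violates "
                     r".*?directive: \"([\w-]+) ")

def parse_policy(text):
    """Return {directive: [tokens]}, keeping directive order."""
    policy = {}
    for part in text.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def blocked_source(url):
    """Narrowest prefix source for a blocked URL: origin plus directory."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}{parts.path.rsplit('/', 1)[0]}/"

def tighten(policy_text, console_text):
    policy = parse_policy(policy_text)
    moved = []
    for name, tokens in policy.items():
        if name.endswith("-src"):
            # A quoted sandbox flag in a source list is ignored by the browser.
            moved += [t.strip("'") for t in tokens if t.strip("'") in SANDBOX_FLAGS]
            policy[name] = [t for t in tokens if t.strip("'") not in SANDBOX_FLAGS]
    if moved:
        sandbox = policy.setdefault("sandbox", [])
        sandbox += [f for f in moved if f not in sandbox]
    # Add only what the browser reported as blocked, per violated directive.
    for url, directive in REFUSED.findall(console_text):
        sources = policy.setdefault(directive, ["'self'"])
        if blocked_source(url) not in sources:
            sources.append(blocked_source(url))
    return "; ".join(" ".join([name, *tokens]) for name, tokens in policy.items())

if __name__ == "__main__":
    print(tighten(POLICY, CONSOLE))
```

The printed string is a candidate value for hudson.model.DirectoryBrowserSupport.CSP. Path restrictions in a source are not enforced after a redirect, and further violations can appear in the console once these resources load.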