Sunday, April 3, 2016

Java script not working in Jenkins due new Content security policy, chrome console log 'displays allow-scripts' permission is not set.

Problem

We run tests using our Jenkins CI and our report contains java script. From version 1.625 LTS we saw that our report is corrupted, meaning most of it is gone.

Displaying the console (F12 in chrome) revealed the problem:
Blocked script execution in 'http://10.10.10.10:8080/job/test/ws/run/report/index.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.

Temporary solution:

  • Go to Jenkins main page
  • Click on Manage Jenkins
  • Click on Script Console
  • Paste the following and press run: System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "")
Go again to the page the was "corrupted" and refresh it

NOTICE: This fix does not survive restart of Jenkins

Fixed Solution:

Ubuntu

  • SSH the jenkins machine
  • Edit the jenkins default file located at /etc/default/jenkins
  • Search for JAVA_ARGS parameter
  • Add the following: -Dhudson.model.DirectoryBrowserSupport.CSP=\"\""
  • Restart jenkins

CentOS


  • SSH the jenkins machine
  • Edit the jenkins default file located at /etc/sysconfig/jenkins
  • Search for JENKINS_JAVA_OPTIONS parameter
  • Add the following: -Dhudson.model.DirectoryBrowserSupport.CSP=\"\""
  • Restart jenkins

See this for more information