I'm using Jenkins v1.642, running on Windows 2012 Server as a service (not behind a web server). There are HTML and CSS files in the userContent that provided a custom dashboard. That dashboard no longer renders properly. A check of the browser console showed "Blocked script execution in 'file.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.".
This Security Advisory <https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09> is probably the cause, but it provides a workaround <https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy> by setting the hudson.model.DirectoryBrowserSupport.CSP value, either via the java command line or via the script console. I tried the following script in the console: hudson.model.DirectoryBrowserSupport.CSP ='' ...and got the following error: groovy.lang.MissingPropertyException: No such property: CSP for class: hudson.model.DirectoryBrowserSupport Dumping all properties(println hudson.model.DirectoryBrowserSupport.properties.collect{it}.join('\n')) showed no property called CSP. Likewise, setting the property via the command line as the workaround instructed did not help the rendering of the HTML/CSS files. Is there a change I can make to Jenkins - or to the HTML files - to resolve this problem? Although the security advisory is important, the Jenkins that I'm working with does not fall into that risk category. Thanks in advance, Jason -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/a9fc2036-f2dc-4727-9dce-0975e69fea08%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
