Hello! Since Jenkins 1.625.3 you added Content-Security-Policy header for some content from plugins. I understand the reason to do it, but it breaks a lot of use-cases. I am developer of Allure Framework <https://github.com/allure-framework/allure-core>, it is the thing to better test reports. We have Allure Jenkins Plugin <https://github.com/jenkinsci/allure-plugin>, so some of our users are also Jenkins users. And since that security fix we have got a lot of bug reports about it: https://github.com/allure-framework/allure-core/issues/715 https://github.com/allure-framework/allure-core/issues/717 https://github.com/allure-framework/allure-core/issues/729 Also, there are more questions about it in our Gitter chat. <https://gitter.im/allure-framework/allure-core> People just not understand what is going on. We can't get rid of use Javascript in our framework, so I have to explain again and again what users should do.
Do you have any announcement or migration guide where I can redirect my users? Also, I looking for a better way to relax content security via UI rather than change configuration properties in the file. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/03831216-7e55-46cd-9562-89d6a0980e9a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
