Hi,
Thanks, this seem to work, the quote are only needed for arguments for the
source part, the sandbox args MUST NOT be quoted to work. Here's an example
that mostly work for me to debug:
*System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "sandbox
allow-scripts allow-same-origin; script-src * 'unsafe-inline'
'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:;")*
I still got the following error:
Unsafe JavaScript attempt to initiate navigation for frame with URL
'http://ci.buildserver/Jenkins/job/CAD_Doxygen/Doxygen/index.html' from
frame with URL
'http://ci.buildserver/Jenkins/job/CAD_Doxygen/Doxygen/search/all_11.html?Box'.
The frame attempting navigation is sandboxed, and is therefore disallowed
from navigating its ancestors.
Not sure which rule prevent this, but at least now the javascript and the
css is loading properly. At first I try to add the
arg *allow-top-navigation *to *sandbox*, but no luck. I even try every
allow on the sandbox without any luck
http://www.w3schools.com/tags/att_iframe_sandbox.asp
This security feature is annoying as hell. really plan to redirect the page
automatically to the Doxygen/index.html when the frame page is load by the
Apache server in front of Jenkins, rewrite route into Apache it will be ;-)
Thanks for your help,
Jerome
On Tuesday, March 22, 2016 at 3:16:36 PM UTC-4, Daniel Beck wrote:
>
>
> On 18.03.2016, at 15:48, [email protected] <javascript:> wrote:
>
> > Result: sandbox 'allow-scripts'; script-src 'self' 'unsafe-inline'
> 'unsafe-eval'; img-src *;
>
> Try removing the quotes around allow-scripts.
--
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-users/15636d9e-5a96-49ae-ac9a-7020bfa28128%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
