[JIRA] [htmlpublisher-plugin] (JENKINS-32026) HTML publisher 1.9 broken since Jenkins 1.625.3
Title: Message Title Daniel Beck resolved as Fixed This issue has been resolved. HTML Publisher itself failed to show the iframe at all, which this issue is about. What's left is covered by https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy Jenkins / JENKINS-32026 HTML publisher 1.9 broken since Jenkins 1.625.3 Change By: Daniel Beck Status: Reopened Resolved Resolution: Fixed Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [htmlpublisher-plugin] (JENKINS-32026) HTML publisher 1.9 broken since Jenkins 1.625.3
Title: Message Title Andru Cherny reopened an issue My Jenkins ver. 1.651.2 and HTML Publisher plugin - 1.11 Bug exsist. Jenkins / JENKINS-32026 HTML publisher 1.9 broken since Jenkins 1.625.3 Change By: Andru Cherny Resolution: Fixed Status: Resolved Reopened Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [htmlpublisher-plugin] (JENKINS-32026) HTML publisher 1.9 broken since Jenkins 1.625.3
Title: Message Title Andru Cherny updated an issue Jenkins / JENKINS-32026 HTML publisher 1.9 broken since Jenkins 1.625.3 Change By: Andru Cherny Attachment: снимок265.png Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [htmlpublisher-plugin] (JENKINS-32026) HTML publisher 1.9 broken since Jenkins 1.625.3
Title: Message Title Daniel Beck commented on JENKINS-32026 Re: HTML publisher 1.9 broken since Jenkins 1.625.3 So, to clarify, there are two parts to this: The HTML Publisher surrounds the published pages with a frame linking to the configured index pages. This frame was broken in 1.625.3/1.641, and the plugin release 1.10 fixes this. The published HTML pages may not display correctly when using things like XHR, _javascript_, inline CSS, etc. This is by design and was one of the security fixes in 1.625.3/1.641. To work around the second issue, you basically have the following options with this: Live with the brokenness, if it's not too severe. (E.g. Javadoc plugin has a similar issue with _javascript_ not running even with PR 4 applied), but it's hardly noticeable in my testing. Publish the HTML pages elsewhere and just link there from Jenkins. Make the HTML pages work without this kind of dynamic content or adapt to work within the rules (e.g. external CSS files rather than inline). Relax the rules controlling what static HTML files served by Jenkins are allowed to do: See documentation. You may be asking "Daniel, this security issue seems a bit far-fetched – most installations allow everyone to do everything, why so restrictive?" Good point. Unfortunately, while many, possibly most, Jenkins installations may not need this protection because it's not a threat to them, given how many users don't bother to apply basic common sense to their instance security, we opted to make Jenkins secure out of the box in this regard, rather than make it opt-in. Add Comment
[JIRA] [htmlpublisher-plugin] (JENKINS-32026) HTML publisher 1.9 broken since Jenkins 1.625.3
Title: Message Title mcrooney resolved as Fixed Thanks, released as 1.10! Jenkins / JENKINS-32026 HTML publisher 1.9 broken since Jenkins 1.625.3 Change By: mcrooney Status: In Progress Resolved Resolution: Fixed Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [htmlpublisher-plugin] (JENKINS-32026) HTML publisher 1.9 broken since Jenkins 1.625.3
Title: Message Title Jake Gage edited a comment on JENKINS-32026 Re: HTML publisher 1.9 broken since Jenkins 1.625.3 Another update— HTML publisher 1.9 itself under the latest Jenkins release works fine for me in HTTP-only environments.For clarity, what the original report is describing (seen in the first screen shot attachment), I believe is the browser trying to render the HTML publisher output in the second attachment:!Screen Shot 2015-12-11 at 5.15.29 PM.png|thumbnail! (Note the "Zip" link in the upper right, and the formatted names of the HTML documents in the tabs, following the "Return to Jenkins Job" link...) Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [htmlpublisher-plugin] (JENKINS-32026) HTML publisher 1.9 broken since Jenkins 1.625.3
Title: Message Title Jake Gage commented on JENKINS-32026 Re: HTML publisher 1.9 broken since Jenkins 1.625.3 Another update— HTML publisher 1.9 itself under the latest Jenkins release works fine for me in HTTP-only environments. For clarity, what the original report is describing (seen in the first screen shot attachment), I believe is the browser trying to render the HTML publisher output in the second attachment: Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [htmlpublisher-plugin] (JENKINS-32026) HTML publisher 1.9 broken since Jenkins 1.625.3
Title: Message Title Jake Gage updated an issue Jenkins / JENKINS-32026 HTML publisher 1.9 broken since Jenkins 1.625.3 Change By: Jake Gage Attachment: Screen Shot 2015-12-11 at 5.15.29 PM.png Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [htmlpublisher-plugin] (JENKINS-32026) HTML publisher 1.9 broken since Jenkins 1.625.3
Title: Message Title Jake Gage updated an issue Jenkins / JENKINS-32026 HTML publisher 1.9 broken since Jenkins 1.625.3 Change By: Jake Gage Attachment: Screen Shot 2015-12-11 at 5.05.06 PM.png Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [htmlpublisher-plugin] (JENKINS-32026) HTML publisher 1.9 broken since Jenkins 1.625.3
Title: Message Title Jake Gage edited a comment on JENKINS-32026 Re: HTML publisher 1.9 broken since Jenkins 1.625.3 I'm seeing the same issue:!Screen Shot 2015-12-11 at 5.05.06 PM.png|thumbnail!and I believe it may be related to iframe permissions. I only see the error in a Jenkins instance answering HTTPS, with multiple console messages: {{ Blocked script execution in 'https://my.jenkins.redacted/jenkins/view/Project/job/job_name/Test_Summaries/' because the document's frame is sandboxed and the 'allow-scripts' permission is not set. }} Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [htmlpublisher-plugin] (JENKINS-32026) HTML publisher 1.9 broken since Jenkins 1.625.3
Title: Message Title Jake Gage commented on JENKINS-32026 Re: HTML publisher 1.9 broken since Jenkins 1.625.3 I'm seeing the same issue: Unable to render embedded object: File (Screen%20Shot%202015-12-11%20at%205.05.06%20PM.png) not found. and I believe it may be related to iframe permissions. I only see the error in a Jenkins instance answering HTTPS, with multiple console messages: Blocked script execution in 'https://my.jenkins.redacted/jenkins/view/Project/job/job_name/Test_Summaries/' because the document's frame is sandboxed and the 'allow-scripts' permission is not set. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [htmlpublisher-plugin] (JENKINS-32026) HTML publisher 1.9 broken since Jenkins 1.625.3
Title: Message Title Jake Gage edited a comment on JENKINS-32026 Re: HTML publisher 1.9 broken since Jenkins 1.625.3 I'm seeing the same issue:!Screen %20Shot%202015 Shot 2015 -12-11 %20at%205 at 5 .05.06 %20PM PM .png|thumbnail!and I believe it may be related to iframe permissions. I only see the error in a Jenkins instance answering HTTPS, with multiple console messages:Blocked script execution in 'https://my.jenkins.redacted/jenkins/view/Project/job/job_name/Test_Summaries/' because the document's frame is sandboxed and the 'allow-scripts' permission is not set. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [htmlpublisher-plugin] (JENKINS-32026) HTML publisher 1.9 broken since Jenkins 1.625.3
Title: Message Title Jake Gage commented on JENKINS-32026 Re: HTML publisher 1.9 broken since Jenkins 1.625.3 Wow— thank you, Daniel Beck ! Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [htmlpublisher-plugin] (JENKINS-32026) HTML publisher 1.9 broken since Jenkins 1.625.3
Title: Message Title Daniel Beck assigned an issue to Daniel Beck Nice analysis, but none of it was necessary because we know – see the advisory or more specifically the wiki page dedicated to Content Security Policy. FWIW I've proposed a PR that resolves the issue and generally meets approval by the author, PR 22, but hasn't yet been released. However, there's a PR build you could download and install. Note however the other limitations on the CSP wiki page. Jenkins / JENKINS-32026 HTML publisher 1.9 broken since Jenkins 1.625.3 Change By: Daniel Beck Assignee: Daniel Beck Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [htmlpublisher-plugin] (JENKINS-32026) HTML publisher 1.9 broken since Jenkins 1.625.3
Title: Message Title Daniel Beck started work on JENKINS-32026 Change By: Daniel Beck Status: Open In Progress Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [htmlpublisher-plugin] (JENKINS-32026) HTML publisher 1.9 broken since Jenkins 1.625.3
Title: Message Title Bernd Pohl created an issue Jenkins / JENKINS-32026 HTML publisher 1.9 broken since Jenkins 1.625.3 Issue Type: Bug Assignee: Unassigned Components: htmlpublisher-plugin Created: 11/Dec/15 8:41 AM Environment: Jenkins LTS version 1.625.3 HTML publisher plugin 1.9 Priority: Minor Reporter: Bernd Pohl After the upgrade from the Jenkins LTS version 1.625.2 to 1.625.3 the HTML report is not displayed. Instead a link "ZIP" and the text "index" is displayed in the upper left corner. I am not sure if this is really related to the HTML publisher plugin because its version has not been changed. Add Comment