[JIRA] [thucydides-plugin] (JENKINS-35427) Jenkins new Content Security Policy breaks display of Serenity (formerly known as Thucydides) Reports

hazmeister@gmail.com (JIRA)

unread,

Jun 7, 2016, 10:48:01 AM6/7/16

to jenkinsc...@googlegroups.com

Harry King created an issue

Jenkins /

JENKINS-35427

Jenkins new Content Security Policy breaks display of Serenity (formerly known as Thucydides) Reports

Issue Type:	Bug
Assignee:	Unassigned
Components:	thucydides-plugin
Created:	2016/Jun/07 2:47 PM
Priority:	Minor
Reporter:	Harry King

Jenkins 1.641 / Jenkins 1.625.3 introduces the Content-Security-Policy header to static files served by Jenkins. This new restrictive header applies the following policies:
`sandbox; default-src 'none'; img-src 'self'; style-src 'self';
`
[Full details here](https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy).

Unsurprisingly, this breaks the display of the Serenity Report when using the [Thucydidies plugin](https://wiki.jenkins-ci.org/display/JENKINS/Thucydides+Plugin), as scripts and CSS used in the report get blocked.

I've had a bash at fixing it with a [pull request](https://github.com/jenkinsci/thucydides-plugin/pull/1) in the same way the cucumber project fixed their plugin.