Opening Html files failed

[techi...@gmail.com]

Hello all,

i am currently using Jenkins ver. 1.643 .  I tried work around of adding below highlighted to jenkins.xml suggested in the internet but didnt work for me. Could someone please suggest me on this error.

In windows based Jenkins we have service for stop/start .

I assumed below is the place where it is taking the arguments i have added those to Jenkins.xml.  here is complete xml.  please let me know if i am adding at wrong place.

<service>

  <id>jenkins</id>

  <name>Jenkins</name>

  <description>This service runs Jenkins continuous integration system.</description>

  <env name="JENKINS_HOME" value="%BASE%"/>

  <!--

    if you'd like to run Jenkins with a specific version of Java, specify a full path to java.exe.

    The following value assumes that you have java in your PATH.

  -->

  <executable>%BASE%\jre\bin\java</executable>

  <arguments>-Xrs -Xmx256m -Dhudson.model.DirectoryBrowserSupport.CSP= -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle -jar "%BASE%\jenkins.war" --httpPort=8080</arguments>

  <!--

    interactive flag causes the empty black Java window to be displayed.

    I'm still debugging this.

  <interactive />

  -->

  <logmode>rotate</logmode>

  <onfailure action="restart" />

</service>

Errors:

Opening Robot Framework report failed

• Verify that you have JavaScript enabled in your browser.
• Make sure you are using a modern enough browser. Firefox 3.5, IE 8, or equivalent is required, newer browsers are recommended.
• Check are there messages in your browser's JavaScript error log. Please report the problem if you suspect you have encountered a bug.

- show quoted text -

[Daniel Beck]

Does it work when you set it via the script console as described on https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy ?

Note that setting it in the XML file requires a Jenkins restart via the Control Panel/services.msc to be effective.

> --
> You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/70e74d95-e609-4471-abd4-626e0d76a4a5%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

[jer...@bodycad.com]

I'm running into the same problem under Windows, I try to add the Prolicy and restart the server, but it seem to be ignored. Here's what I did inside the "jenkins.xml"

<arguments>-Xrs -Xmx1024m -Dhudson.model.DirectoryBrowserSupport.CSP="sandbox allow-scripts; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src *;" -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle -jar "%BASE%\jenkins.war" --httpPort=8081 --prefix=/Jenkins</arguments>

There's no error into the error log but the web still tell me the 

because the document's frame is sandboxed and the 'allow-scripts' permission is not

I guess I have some syntax error or using the wrong format. Anybody have any tips? 

BTW, the page: 

https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy 

is great to know what the problems is, but it totaly lack clarity to where to set those policy. Why is this not part of the Manage jenkins interfaces? why can't we set this per project?

Thanks,

Jerome

[jer...@bodycad.com]

I have try to update to the latest Jenkins version 1.653, I try to run the following script console:

System.getProperty("hudson.model.DirectoryBrowserSupport.CSP")

Here's the return value:

Result: sandbox 'allow-scripts'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src *;

I still cannot access the web content and I get the same error as if allow-scripts is not

[Daniel Beck]

On 18.03.2016, at 15:48, jer...@bodycad.com wrote:

> I still cannot access the web content and I get the same error as if allow-scripts is not

Reload the page, bypassing cache (Shift-F5 on most Windows browsers AFAIK). It's possible your browser isn't actually looking at the (changed) response it gets since the file is still the same.

[Daniel Beck]

On 18.03.2016, at 15:26, jer...@bodycad.com wrote:

> I guess I have some syntax error or using the wrong format. Anybody have any tips?

Use the provided script console commands to read what the value you set actually is.

Set it using the script console to ensure it's not related to weird command line quote parsing. It's effective immediately, no restarts required. Once you're done with this, set it in the Jenkins launch scripts/config files to persist.

> BTW, the page:
> https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy
> is great to know what the problems is, but it totaly lack clarity to where to set those policy.

The first few sentences of the section "Implementation" in the wiki are about how to pass the argument to the Java process. Or are you asking for a link to https://wiki.jenkins-ci.org/display/JENKINS/Native+Packages from which the platform dependent installer documentation (including where to customize parameters) can be accessed?

[jer...@bodycad.com]

I did try that right away, doesn't change anything.

[jer...@bodycad.com]

That's exactly what I trying to figure out, the value is set but doesn't have any effect, I guess I'm filling it badly (did try the console, see message above). Anybody have it working and can print the actual value inside it with the System.getProperty("hudson.model.DirectoryBrowserSupport.CSP") so I can compare what I have done badly here.

[Daniel Beck]

On 18.03.2016, at 15:48, jer...@bodycad.com wrote:

> Result: sandbox 'allow-scripts'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src *;

Try removing the quotes around allow-scripts.

[jer...@bodycad.com]

Hi,

Thanks, this seem to work, the quote are only needed for arguments for the source part, the sandbox args MUST NOT be quoted to work. Here's an example that mostly work for me to debug:

System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "sandbox allow-scripts allow-same-origin; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:;")

I still got the following error:

Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://ci.buildserver/Jenkins/job/CAD_Doxygen/Doxygen/index.html' from frame with URL 'http://ci.buildserver/Jenkins/job/CAD_Doxygen/Doxygen/search/all_11.html?Box'. The frame attempting navigation is sandboxed, and is therefore disallowed from navigating its ancestors.

Not sure which rule prevent this, but at least now the javascript and the css is loading properly. At first I try to add the 

arg allow-top-navigation to sandbox, but no luck. I even try every allow on the sandbox without any luck

http://www.w3schools.com/tags/att_iframe_sandbox.asp

This security feature is annoying as hell. really plan to redirect the page automatically to the Doxygen/index.html when the frame page is load by the Apache server in front of Jenkins, rewrite route into Apache it will be ;-)

Thanks for your help,

Jerome

[jer...@bodycad.com]

Ok finally found it, the flag is not documented by wc3 but I found it here:

https://www.chromestatus.com/feature/5708368589094912

adding to sandbox:

allow-popups allow-popups-to-escape-sandbox

now the Doxygen search work again and can open new window upon search click.

[jer...@bodycad.com]

> BTW, the page:
> https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy
> is great to know what the problems is, but it totaly lack clarity to where to set those policy.

The first few sentences of the section "Implementation" in the wiki are about how to pass the argument to the Java process. Or are you asking for a link to https://wiki.jenkins-ci.org/display/JENKINS/Native+Packages from which the platform dependent installer documentation (including where to customize parameters) can be accessed?

Just for a follow up on this,  it mention that you have to change the java arguments, that's right, if you haven't check this out or not familiar with Jenkins, this is far from obvious, a link to the package page you gave here would be nice addition into the rules policy page to find out where to set those. Personally I remembered it because I had to change the http port before, but that was it, else I would have to search google or grep the file to find where that would need to go.

[jer...@bodycad.com]

Even with all the allow possible given to the sandbox, Doxygen search could not work properly with the navigation error. So I went into the Apache Rewrite route to avoid the iframe entirely:

RewriteRule ^/Jenkins/job/CAD_Doxygen/Doxygen$ /Jenkins/job/CAD_Doxygen/Doxygen/index.html [R]

This way the iframe loading is skip and redirect to the real Docygen page, avoiding all the problems.

Hope this thread help other people.

[Nakul Khargonkar]

Thanks a ton for your wonderful search.....

This worked for me 

java -Dhudson.model.DirectoryBrowserSupport.CSP="sandbox allow-scripts allow-popups allow-popups-to-escape-sandbox; style-src 'unsafe-inline' *;" -Dsvnkit.http.sslProtocols=TLSv1 -jar C:/server/Jenkins.war --httpPort=8280

[Nakul Khargonkar]

Thanks a ton for your wonderful finding.

This worked for me 

java -Dhudson.model.DirectoryBrowserSupport.CSP="sandbox allow-scripts allow-popups allow-popups-to-escape-sandbox; style-src 'unsafe-inline' *;" -Dsvnkit.http.sslProtocols=TLSv1 -jar C:/server/Jenkins.war --httpPort=8280

Thanks,

Nakul