hudson.model.DirectoryBrowserSupport.CSP inaccesible; cannot render userContent HTML

[Jason Swager]

I'm using Jenkins v1.642, running on Windows 2012 Server as a service (not behind a web server).  There are HTML and CSS files in the userContent that provided a custom dashboard.  That dashboard no longer renders properly.  A check of the browser console showed "Blocked script execution in 'file.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.".

This Security Advisory is probably the cause, but it provides a workaround by setting the hudson.model.DirectoryBrowserSupport.CSP value, either via the java command line or via the script console.  I tried the following script in the console:

hudson.model.DirectoryBrowserSupport.CSP =''

...and got the following error:

groovy.lang.MissingPropertyException: No such property: CSP for class: hudson.model.DirectoryBrowserSupport

Dumping all properties(println hudson.model.DirectoryBrowserSupport.properties.collect{it}.join('\n')) showed no property called CSP.  Likewise, setting the property via the command line as the workaround instructed did not help the rendering of the HTML/CSS files.

Is there a change I can make to Jenkins - or to the HTML files - to resolve this problem?  Although the security advisory is important, the Jenkins that I'm working with does not fall into that risk category.

Thanks in advance,

Jason 

[Daniel Beck]

> On 23.12.2015, at 15:40, Jason Swager <jsw...@alohaoi.com> wrote:
>
> tried the following script in the console:
>
> hudson.model.DirectoryBrowserSupport.CSP =''

Just read the wiki page. It explains how to do this.

[Jason Swager]

My apologies.  After re-reading through the doc, I saw my mistake.  Thank you!