Static files don't loading within CSP-restrictions #715
Comments
|
Ok, reproduced it on my local server. It seems that our report can't work in the so strict environment. I will look for more suitable compromise. |
|
Now I have come up with the conclusion that we can't make Allure work in such restrictions. That CSP setting disallows executing any javascript on the page. Obviously, our report can't work with JS. I made Allure work with a bit relaxed version of config: It allows us to use all static resources from the same domain and fetch data via AJAX as well. //cc @georgecrawford |
|
@just-boris Do you know anything about how the CSP settings are configured in Jenkins? According to our systems engineer, we're using a very vanilla installation of Jenkins, with nothing special security-wise. Does Allure definitely work for you in a similar setup? If you know how I can change the headers, please let me know. |
|
Found the following commit: jenkinsci/jenkins@d3fb2c0 |
|
Interesting - I'll also look into how we might configure this better. |
|
OK, so using this command in the Script Console: ... I have it almost working. But there's something very strange that I don't understand - lots of UI elements seem corrupted, and there are thousands of JS console errors (
|
|
Yes, that weird things are caused by some inline styles. I prepared a PR to fix it. #716 For now, you can work around by adding |
|
I see the same problems with |
|
I downloaded the allure xml files, and it all looks perfect when I run |
|
:( Ok, then you can shut down the CSP at all, by setting it to |
|
Yep, it's fine when I do that. I'll keep on trying other combinations too. |
|
Good news: I have it working now with just: |
|
Updated our Jenkins docs. http://wiki.qatools.ru/display/AL/Allure+Jenkins+Plugin |
|
thanks @georgecrawford for the report and help! |
|
For those of you having issues with this, I had to set BOTH Jenkins and Hudson properties for it to work, just run these in the /script window of your Jenkins server: System.setProperty("jenkins.model.DirectoryBrowserSupport.CSP", "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';") |
|
thanks @SpyderWeiss , your solutions works 👍 |
|
Hi all, where can i find: /script window of the Jenkins server? |
|
@akiikius https:///script OR Manage Jenkins >> Script Console |
|
When I run Jenkins container, I get an error: |
|
@adv-tsk You need to escape property. Currently, expression parsed as following The rest of expression will be passed as a main class name. Try this: Note extra |
|
Thanks @just-boris, it works!) |
|
I am still having issues with accessing reports in Chrome. |
|
+1 to brpIHDUN. This trick not worked in chrome. |
|
+1 same issue in Chrome |
|
Hello, guys! Could you tell more details about the current issue? Maybe we have got some regression here. A screenshot of console with errors would be so helpful there |
|
Hi just-boris,
Here are Jenkins run parameters Jenkins version 2.31 |
|
Allright, tried to add these lines in jenkins console via Firefox ( I did it in Chrome previously) - and it worked. So it's either Chrome or one need to add the lines twice in a row in order to make it applied: For the very first time i added that links i had an empty "Result", now it answered me with some extra lines. |
Content-Security-Policy is gonna be spreading across the web. So it is matters to make Allure work with it.
Allure doesn't work with the following headers:
The text was updated successfully, but these errors were encountered: