Content-Security-Policy (CSP) violations

[koenpunt]

It's currently not possible to use the HTML output without using at least

script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';

Which isn't desired, and requires extra configuration when setting up a coverage page in Jenkins

[bf4]

@koenpunt could you give more information about the error you're seeing and how we might reproduce it? Thanks.

[koenpunt]

I did setup Jenkins with the doclinks plugin so the coverage report is visible from within jenkins. However, due to the default CSP of Jenkins, the coverage report can't load certain javascript and css sources, required to correctly display the page.

This can be fixed by making the CSP rule less strict, but there are also certain optimizations which can done in this gem.

[beydogan]

I'm having the same issue on Jenkins while publishing results with HTML Publisher

Error is:

Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".


    at O (application.js:1191)
    at r (application.js:1150)
    at HTMLTableElement.<anonymous> (application.js:1248)
    at Function.each (application.js:17)
    at init.each (application.js:17)
    at init.j.fn.dataTable (application.js:1237)
    at HTMLDocument.<anonymous> (application.js:1587)
    at Object.resolveWith (application.js:17)
    at Function.ready (application.js:17)
    at HTMLDocument.B (application.js:17)

[PragTob]

Merged and eleased soon.