Allure plugin does not load reports with jenkins 1.641

[rajatjindal]

Jenkins 1.641 / Jenkins 1.625.3 introduce the Content-Security-Policy header to static files served by Jenkins (specifically, DirectoryBrowserSupport).

This header is set to a very restrictive default set of permissions to protect Jenkins users from malicious HTML/JS files in workspaces, /userContent, or archived artifacts.

and when we try to load Allure report with this jenkins, we get following error in browser console:

Blocked script execution in 'https://jenkins2/view/viewname/job/jobname/allure/' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.

[baev]

@rajatjindal83 hi!

Did you read the docs http://wiki.qatools.ru/display/AL/Allure+Jenkins+Plugin ?

[jalona]

@rajatjindal83 see #45
Solution in http://wiki.qatools.ru/display/AL/Allure+Jenkins+Plugin

[roeera]

@rajatjindal83 @rajatjindal83
Hi,

Tried to find the right place to configure both system properties -
"-Dhudson.model.DirectoryBrowserSupport.CSP=default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';"
"-Djenkins.model.DirectoryBrowserSupport.CSP=default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';"
The only way that works for me is to configure it through jenkins console
like in the following solution
http://stackoverflow.com/questions/35181175/how-to-relax-jenkins-security-rules-for-allure
Unfortunately this is working temporarily, because after some time, i found myself need to rerun the command again.
Is there another permanently option to solve it forever.

Thanks,
Roee.

[rucindrea]

@roeera I have the exact same problem. How do I save these settings permanently? @baev any help?

[vania-pooh]

@rucindrea please try to add respective -Djenkins.model.DirectoryBrowserSupport.CSP to /etc/default/jenkins (that's under Ubuntu, don't know about Windows).

[rucindrea]

@vania-pooh thanks! any ideas on how that goes on mac?

[roeera]

Can you specify the exact line / row that needs to be added inline ?
Tried this also and it didn't work

On Tue, Apr 26, 2016, 22:31 Ivan Krutov notifications@github.com wrote:

@rucindrea https://github.com/rucindrea please try to add respective
-Djenkins.model.DirectoryBrowserSupport.CSP to /etc/default/jenkins
(that's under Ubuntu, don't know about Windows).

—
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub
#47 (comment)

[vania-pooh]

@rucindrea how about editing the following file:

~/Library/LaunchAgents/org.jenkins-ci.plist

I don't now the exact file name but it should be in this directory and contain "jenkins" in name.

[roeera]

@vania-pooh Can you specify the exact line / row that needs to be added inline ?
Tried this also and it didn't work (in ubuntu)

[Melinda94]

@roeera The exact line is :

JAVA_ARGS="-Djava.awt.headless=true -Dhudson.model.DirectoryBrowserSupport.CSP="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';" -Djenkins.model.DirectoryBrowserSupport.CSP="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';""

from etc/default/ , jenkins file :)

[roeera]

@Melinda94 Thanks !

[salujaharkirat]

@Melinda94 : 👍 this works like a charm, so I added following to my /etc/default/jenkins file

JAVA_ARGS="-Djava.awt.headless=true -Dhudson.model.DirectoryBrowserSupport.CSP=\"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';\" -Djenkins.model.DirectoryBrowserSupport.CSP=\"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';\""

[vania-pooh]

@ALL: let's then close this?

[sudheerkb]

@vania-pooh any help in where to update in jenkins windows. I was trying to update in jenkins.xml tag.
But no luck.

Before the link is <arguments>-Xrs -Xmx256m -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle -jar "%BASE%\jenkins.war" --httpPort=8008 --webroot="%BASE%\war"</arguments>,

i updated to

<arguments>-Xrs -Xmx256m -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle -Djava.awt.headless=true -Dhudson.model.DirectoryBrowserSupport.CSP=default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; -Djenkins.model.DirectoryBrowserSupport.CSP=default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; -jar "%BASE%\jenkins.war" --httpPort=8008 --webroot="%BASE%\war"</arguments>

[sudheerkb]

@vania-pooh somehow i got it worked.

Update in jenkins.xml with the below lines

<arguments>-Xrs -Xmx256m -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle -Dhudson.model.DirectoryBrowserSupport.CSP="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';" -jar "%BASE%\jenkins.war" --httpPort=8008 --webroot="%BASE%\war"</arguments>

But the problem, is i only get Loading screen. It never goes past that when i open the results in jenkins.

Please help

[vania-pooh]

Maybe http://stackoverflow.com/questions/23997449/allure-report-nothing-shown-in-chrome ?

[eroshenkoam]

@sudheerkb we are solved this problem in 2.12. Can you test this?

[rajatjindal]

@eroshenkoam

I've requested our build/release team to update the plugin and will get back with results.

Thanks for fixing.

Thanks
Rajat Jindal

[rajatjindal]

I can confirm that this is working now. Thanks a lot guys