remove CSP customization when we stop publishing ZafiraReport to the jobs #215

Open
vdelendik opened this issue May 3, 2020 · 2 comments


@vdelendik
Contributor

Need to follow the Jenkins warning and stop using the "hudson.model.DirectoryBrowserSupport.CSP" property:

The default Content-Security-Policy is currently overridden using the hudson.model.DirectoryBrowserSupport.CSP system property, which is a potential security issue when browsing untrusted files. As an alternative, you can set up a Resource Root URL that Jenkins will use to serve some static files without adding Content-Security-Policy headers.


@vdelendik vdelendik added this to the 5.0 milestone May 3, 2020
@vdelendik vdelendik changed the title reuse secure way for browing external static files reuse secure way for browsing external static files May 13, 2020
@vdelendik vdelendik modified the milestones: 5.0, 5.1 May 13, 2020
@vdelendik vdelendik modified the milestones: 5.1, 5.2 Jul 8, 2020
@vdelendik vdelendik modified the milestones: 5.2, 5.3 Aug 18, 2020
@vdelendik vdelendik modified the milestones: 1.1 (5.3-qps), 1.2 Sep 24, 2020
@vdelendik vdelendik modified the milestones: 1.2, 1.3 Oct 30, 2020
@vdelendik vdelendik modified the milestones: 1.3, 1.4 Nov 21, 2020
@vdelendik vdelendik modified the milestones: 1.4, 1.5 Dec 29, 2020
@vdelendik vdelendik modified the milestones: 1.5, 1.6 Mar 9, 2021
@vdelendik vdelendik removed this from the 1.6 milestone Apr 1, 2021
@vdelendik
Contributor Author

The Resource Root URL feature is too specific and requires an extra domain name and setup.
Later we are going to avoid all kinds of publish operations with customized Zafira reports, so the CSP customization might be removed altogether. Updated subject accordingly.

@vdelendik vdelendik removed the wontfix label Apr 1, 2021
@vdelendik vdelendik changed the title reuse secure way for browsing external static files remove CSP customization when we stop publishing ZafiraReport to the jobs Apr 1, 2021
@vdelendik vdelendik added this to To do in Community Edition via automation Jan 25, 2022
@vdelendik vdelendik added this to the 2.0 milestone Jan 25, 2022
@vdelendik
Contributor Author

We need a direct link to the Zebrunner reporting run and to completely destroy publishing of HTML files as part of build output.

@vdelendik vdelendik modified the milestones: 2.0, 2.1 Feb 13, 2022
@vdelendik vdelendik modified the milestones: 2.1, 2.2 Jul 7, 2023
@vdelendik vdelendik removed this from the 2.2 milestone Oct 25, 2023
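
An added example, not part of the original issue or the project's code: a small audit that looks for the `hudson.model.DirectoryBrowserSupport.CSP` override named in the Jenkins warning above inside a JVM argument string and reports how the overriding policy is loosened. The function names, the choice of checks and the sample `JAVA_OPTS` value are assumptions made for this illustration.

```python
import shlex

CSP_PROP = "hudson.model.DirectoryBrowserSupport.CSP"

def find_csp_override(jvm_args):
    """Return the overriding policy, or None if unset (the last -D occurrence wins)."""
    value = None
    for token in shlex.split(jvm_args):
        if token.startswith("-D" + CSP_PROP + "="):
            value = token.split("=", 1)[1]
        elif token == "-D" + CSP_PROP:
            value = ""  # a bare -Dname sets the property to the empty string
    return value

def parse_policy(policy):
    """Split a CSP string into {directive: [source, ...]}; first occurrence wins."""
    directives = {}
    for part in policy.split(";"):
        words = part.split()
        if words:
            directives.setdefault(words[0].lower(), words[1:])
    return directives

def audit_override(policy):
    """Heuristic findings (this example's own choice of checks) for an override."""
    if policy is None:
        return []
    directives = parse_policy(policy)
    if not directives:
        return ["empty policy: no restrictions are applied"]
    findings = []
    if "sandbox" not in directives:
        findings.append("no sandbox directive")
    elif "allow-scripts" in directives["sandbox"]:
        findings.append("sandbox allows scripts")
    for name in ("default-src", "script-src"):
        for src in directives.get(name, []):
            if src in ("*", "'unsafe-inline'", "'unsafe-eval'"):
                findings.append(f"{name} permits {src}")
    return findings

# Constructed sample input, not taken from the project's configuration.
SAMPLE_JAVA_OPTS = (
    "-Xmx2g -Djava.awt.headless=true "
    "\"-Dhudson.model.DirectoryBrowserSupport.CSP=default-src 'self'; "
    "script-src 'self' 'unsafe-inline'; img-src *\""
)

if __name__ == "__main__":
    print(audit_override(find_csp_override(SAMPLE_JAVA_OPTS)))
```

An empty result from `audit_override` only means none of these heuristics fired; `find_csp_override` returning anything other than `None` is already the condition the Jenkins warning is about.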