How to relax Jenkins security rules for Allure?

Question

I tried to add this in Jenkins Script Console, but it didn't help:

"-Dhudson.model.DirectoryBrowserSupport.CSP=default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';"

How to do this? Or what is wrong?

Answer 1

The following lines worked for me:

System.clearProperty("hudson.model.DirectoryBrowserSupport.CSP")
System.clearProperty("jenkins.model.DirectoryBrowserSupport.CSP")
System.setProperty("jenkins.model.DirectoryBrowserSupport.CSP", "sandbox allow-same-origin allow-scripts; default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; font-src 'self' data:")
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "sandbox allow-same-origin allow-scripts; default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; font-src 'self' data:")

Answer 2

You posted the start parameter for java. If you would like to test it inside the console try this:

System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';")

If you want to change the property for every start, you can add:

-Dhudson.model.DirectoryBrowserSupport.CSP="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';"

to your start parameter, so that it might look like:

java -Dhudson.model.DirectoryBrowserSupport.CSP="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';" -jar jenkins.war

If you need further informations, you can take a look at JENKINS Configuring Content Security Policy