test report failed with error message ”because the document's frame is sandboxed and the 'allow-scripts' permission is not set.” after updating jenkins to 2.19.2
The new Content-Security-Policy HTTP response header helps you reduce XSS risks on modern browsers by declaring what dynamic resources are allowed to load via a HTTP Header.
Can setting Jenkins Content Security Policy by Run the Groovy script at at http://jenkinsServer:8080/script( can open the script on manage page).
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP","sandbox allow-scripts; default-src 'none';script-src 'unsafe-inline' http://code.jquery.com/jquery-2.1.0.min.js; img-src dohko.hpeswlab.net 'self' data: ; style-src 'unsafe-inline' 'self';");
For more information about CSP, Please refer to https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy & https://content-security-policy.com/ .
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】凌霞软件回馈社区,博客园 & 1Panel & Halo 联合会员上线
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】博客园社区专享云产品让利特惠,阿里云新客6.5折上折
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步