「Jenkins」- Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback. @20210427
问题描述
在 Jenkins 中,当访问测试报告时,页面无法正常显示(页面没有显示内容)。浏览器控制台显示如下错误消息:
... Refused to frame 'https://jenkins.example.com/' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback. Blocked script execution in '<URL>' because the document's frame is sandboxed and the 'allow-scripts' permission is not set. ...
软件版本:Jenkins 2.274 in Docker
解决方案
方案一、放宽规则(不推荐)
在 Script Console 中,执行 System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "") 脚本,以此来解决问题。
但是该方法放宽规则,官方并不鼓励该做法。并且我们使用该方法也没有生效,可能在新版本 Jenkins 中被废弃。
方案二、Resource Root URL(推荐)
官方推荐的方法:
1)为 Jenkins 服务再绑定新域名(当然要配置 Nginx 指向 Jenkins 服务);
2)并在 Manage Jenkins / Configure System / .. / Resource Root URL 中填写带地址;
参考文献
Configuring Content Security Policy
javascript - Jenkins error - Blocked script execution in <URL>. because the document's frame is sandboxed and the 'allow-scripts' permission is not set - Stack Overflow
html - because the document's frame is sandboxed and the 'allow-scripts' permission is not set - Stack Overflow
javascript - Blocked script execution in because the document's frame is sandboxed - Angular application - Stack Overflow
