Jenkins - HTML Publisher Plugin - No CSS is displayed when report is viewed in Jenkins Server
Figured out the issue. Sharing it here for other users.
CSS is stripped out because of the Content Security Policy in Jenkins. (https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy)
The default rule is set to:
sandbox; default-src 'none'; img-src 'self'; style-src 'self';
This rule set results in the following:
- No JavaScript allowed at all
- No plugins (object/embed) allowed
- No inline CSS, or CSS from other sites allowed
- No images from other sites allowed
- No frames allowed
- No web fonts allowed
- No XHR/AJAX allowed, etc.
To relax this rule, go to
- Manage Jenkins->
- Manage Nodes->
- Click settings(gear icon)->
click Script console on left and type in the following command:
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "")
and press Run. If you see the output 'Result:' below the "Result" header, then the protection is disabled. Re-run your build and you can see that the new HTML files archived will have the CSS enabled.
How to Permanently Resolve HTML Publisher Plugin issue in Jenkins showing Extent Reports?
When you run such commands in the script console they only affect the running session and will be lost on a restart reverting to the stored settings /configuration.
There are various options available to you to make them "permanent", depending on how you launch your Jenkins and what's most convenient to you.
This post describes setting them as JENKINS_JAVA_OPTIONS in the jenkins script.
You can pass them in as command line options in the java launch command as shown in the top of the Features controlled by system properties (Make sure to pass all of these arguments before the -jar argument, otherwise they will be ignored).
You can use a Groovy post-initialization script in ${JENKINS_HOME}/init.groovy or a file in ${JENKINS_HOME}/init.groovy.d/*.groovy
You should bear in mind, changing the CSP settings potentially exposes your Jenkins instance to external risks - READ UP. While the Jenkins code has been recently strengthened to make it more secure, there's a lot of exposure left, especially in the myriad of plugins out there. You should only allow the minimum amount needed to get the plugin working.
It would be nice if the various plugin providers detailed exactly what must be allowed to have their plugin working properly and still keep Jenkins as secure as possible. Consider raising a ticket at http://issues.jenkins-ci.org/ against the plugin in question.
Jenkins show blank html instead of report
The issue was with nginx server, it was
add_header X-Frame-Options DENY;
changed to
add_header X-Frame-Options SAMEORIGIN;
Jenkins doesn't load CSS at HTML published pages
Create a Groovy script file $JENKINS_HOME/init.groovy, or any .groovy file in the directory $JENKINS_HOME/init.groovy.d/ with the following content:
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "sandbox allow-scripts; default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src * 'unsafe-inline';")
systemctl restart jenkins
https://wiki.jenkins.io/display/JENKINS/Post-initialization+script
Jenkins HTML Publisher Plugin: No external links with Jenkins 1.643
The issue you're seeing is likely related to recent security fixes. See the Configuring Content Security Policy wiki page for details on how to relax the Jenkins configuration.
The CSP header sent by Jenkins can be modified by setting the system property hudson.model.DirectoryBrowserSupport.CSP:
If its value is the empty string, e.g.
java -Dhudson.model.DirectoryBrowserSupport.CSP= -jar jenkins.war
then the header will not be sent at all. (Warning!) This is potentially very unsafe and should only be used after reviewing the overall security setup.
You can experiment with different settings using the Jenkins Script Console.
Also as the wiki page notes, make sure you've upgraded to HTML Publisher 1.10 (or later).
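The answers above set hudson.model.DirectoryBrowserSupport.CSP to values ranging from the default to an empty string. The following is an added example, not code from any of the answers or from Jenkins: a small checker that lists which restrictions a candidate value lifts, so a relaxed policy can be reviewed before it goes into init.groovy. The function names and finding texts are this example's own.

```python
# Added example (not Jenkins code): flag risky relaxations in a value meant for
# the hudson.model.DirectoryBrowserSupport.CSP system property.

JENKINS_DEFAULT = "sandbox; default-src 'none'; img-src 'self'; style-src 'self';"
# The relaxed value quoted on this page.
RELAXED = ("sandbox allow-scripts; default-src 'self'; img-src *; "
           "style-src 'self' 'unsafe-inline'; script-src * 'unsafe-inline';")

RISKY_SOURCES = {
    "*": "any origin allowed",
    "'unsafe-inline'": "inline code/styles in archived files allowed",
    "'unsafe-eval'": "eval() allowed",
    "data:": "data: URIs allowed",
}
FETCH_DIRECTIVES = ("script-src", "style-src", "img-src", "object-src",
                    "frame-src", "font-src", "connect-src")

def parse_csp(value):
    """Return {directive: [tokens]}; repeated directives are ignored, as in browsers."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit(value):
    """Return sorted (directive, token, reason) findings; [] means nothing relaxed."""
    if not value.strip():
        return [("(header)", "", "empty value: no CSP header is sent")]
    policy = parse_csp(value)
    findings = []
    if "sandbox" not in policy:
        findings.append(("sandbox", "", "sandbox directive missing"))
    for flag in policy.get("sandbox", []):
        findings.append(("sandbox", flag, "sandbox restriction lifted"))
    fallback = policy.get("default-src")
    if fallback is None:
        findings.append(("default-src", "", "no fallback: unlisted resource types are unrestricted"))
    for name in FETCH_DIRECTIVES:
        # A fetch directive that is absent inherits default-src.
        for token in policy.get(name, fallback or []):
            if token.lower() in RISKY_SOURCES:
                findings.append((name, token, RISKY_SOURCES[token.lower()]))
    return sorted(findings)

if __name__ == "__main__":
    for label, value in (("default", JENKINS_DEFAULT), ("relaxed", RELAXED), ("empty", "")):
        print(label, audit(value) or "no relaxations")
```

An empty findings list only means the value is no looser than the checks above cover; it does not replace reviewing what the published report actually needs.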