Jenkins - HTML Publisher Plugin - No CSS Is Displayed When Report Is Viewed in Jenkins Server

Figured out the issue. Sharing it here for other users.

CSS is stripped out because of the Content Security Policy in Jenkins. (https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy)

The default rule is set to:

    sandbox; default-src 'none'; img-src 'self'; style-src 'self';

This rule set results in the following:

  • No JavaScript allowed at all
  • No plugins (object/embed) allowed
  • No inline CSS, or CSS from other sites allowed
  • No images from other sites allowed
  • No frames allowed
  • No web fonts allowed
  • No XHR/AJAX allowed, etc.

To relax this rule, go to

  1. Manage Jenkins->
  2. Manage Nodes->
  3. Click settings(gear icon)->
  4. click Script console on left and type in the following command:

    System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "")

and press Run. If you see the output 'Result:' below the "Result" header, then the protection is disabled. Re-run your build and you can see that the new HTML files archived will have the CSS enabled.

How to Permanently Resolve HTML Publisher Plugin issue in Jenkins showing Extent Reports?

When you run such commands in the script console, they only affect the running session and will be lost on a restart, reverting to the stored settings/configuration.

There are various options available to you to make them "permanent", depending on how you launch your Jenkins and what's most convenient to you.

This post describes setting them as JENKINS_JAVA_OPTIONS in the jenkins script.

You can pass them in as command line options in the java launch command as shown in the top of the Features controlled by system properties (Make sure to pass all of these arguments before the -jar argument, otherwise they will be ignored).

You can use a Groovy post-initialization script in ${JENKINS_HOME}/init.groovy or a file in ${JENKINS_HOME}/init.groovy.d/*.groovy

You should bear in mind, changing the CSP settings potentially exposes your Jenkins instance to external risks - READ UP. While the Jenkins code has been recently strengthened to make it more secure, there's a lot of exposure left, especially in the myriad of plugins out there. You should only allow the minimum amount needed to get the plugin working.

It would be nice if the various plugin providers detailed exactly what must be allowed to have their plugin working properly and still keep Jenkins as secure as possible. Consider raising a ticket at http://issues.jenkins-ci.org/ against the plugin in question.

Jenkins show blank html instead of report

The issue was with nginx server, it was

    add_header X-Frame-Options DENY;

changed to

    add_header X-Frame-Options SAMEORIGIN;

Jenkins doesn't load CSS at HTML published pages

Create a Groovy script file $JENKINS_HOME/init.groovy, or any .groovy file in the directory $JENKINS_HOME/init.groovy.d/ with the following content:

    System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "sandbox allow-scripts; default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src * 'unsafe-inline';")

    systemctl restart jenkins

https://wiki.jenkins.io/display/JENKINS/Post-initialization+script
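
To see what each policy value quoted on this page gives up relative to the default, the following added example (not part of any answer here and not Jenkins code) parses a hudson.model.DirectoryBrowserSupport.CSP value and lists its relaxations. The names parse_csp and audit are hypothetical, and the NARROW value is constructed here to show a relaxation limited to inline CSS.

```python
# Added example: audits values of hudson.model.DirectoryBrowserSupport.CSP.
# DEFAULT, DISABLED and RELAXED are quoted from this page; NARROW is constructed.
DEFAULT = "sandbox; default-src 'none'; img-src 'self'; style-src 'self';"
DISABLED = ""
RELAXED = ("sandbox allow-scripts; default-src 'self'; img-src *; "
           "style-src 'self' 'unsafe-inline'; script-src * 'unsafe-inline';")
NARROW = "sandbox; default-src 'none'; img-src 'self'; style-src 'self' 'unsafe-inline';"


def parse_csp(value):
    """Map each directive name to its token list; the first occurrence wins."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def audit(value):
    """Return the protections a CSP property value gives up, as short findings."""
    if not value.strip():
        return ["no CSP header sent"]
    policy = parse_csp(value)
    findings = []
    if "sandbox" not in policy:
        findings.append("sandbox missing")
    else:
        findings += [f"sandbox {flag}" for flag in policy["sandbox"]]
    for directive in ("script-src", "style-src", "img-src"):
        # A fetch directive that is absent falls back to default-src.
        sources = policy.get(directive, policy.get("default-src"))
        if sources is None:
            findings.append(f"{directive} unrestricted")
            continue
        for risky in ("*", "'unsafe-inline'", "'unsafe-eval'"):
            if risky in sources:
                findings.append(f"{directive} {risky}")
    return findings


if __name__ == "__main__":
    for name in ("DEFAULT", "DISABLED", "RELAXED", "NARROW"):
        print(f"{name}: {audit(globals()[name]) or 'no relaxations'}")
```

An empty findings list means the value is no looser than the default rule shown at the top of this page.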

Jenkins HTML Publisher Plugin: No external links with Jenkins 1.643

The issue you're seeing is likely related to recent security fixes. See the Configuring Content Security Policy wiki page for details on how to relax the Jenkins configuration.

The CSP header sent by Jenkins can be modified by setting the system property hudson.model.DirectoryBrowserSupport.CSP:

If its value is the empty string, e.g. java -Dhudson.model.DirectoryBrowserSupport.CSP= -jar jenkins.war then the header will not be sent at all.

(Warning!) This is potentially very unsafe and should only be used after reviewing the overall security setup.

You can experiment with different settings using the Jenkins Script Console.

Also as the wiki page notes, make sure you've upgraded to HTML Publisher 1.10 (or later).


