Overcoming Jenkins Content Security Policy

[timblaktu]

How does this plugin overcome the problem caused by Jenkins' Content Security Policy (CSP), which would otherwise prevent proper viewing of your diff2html-generated static html content?

My pipeline uses diff2html to generate static html content which is archived each build, but due to the restrictive CSP, users cannot properly view the html without downloading it, and opening local version of the html. When rendered on Jenkins, the CSP header causes the <style> settings to be ignored and the result is just about unreadable.

I have tried some of the poorly-documented solutions, in the pages linked below, to override this restrictive behavior and enable my users to view fully styled static html on Jenkins, to no avail.

I am seeking information from the developers of this plugin, which uses the same basic tech as my simple solution, yet doesn't seem to have any reports of this problem getting in the way. Thanks for your consideration.

https://issues.jenkins-ci.org/browse/JENKINS-32231
https://wiki.jenkins.io/display/JENKINS/Configuring+Content+Security+Policy

[rmpestano]

Hi, I actually don't know If the few inlined css are being ignored or not by Jenkins CSP.

In your case why don't you load the css file embedded on your plugin? For example in LastChanges we load diff2html css here.

It doesn't work for you?