Jenkins Content Security Policy

Hello Team,

I want to pass this CSP only to my agents and fetch the reports.html but its not working. Do I need to pass in Jenkins controller ?

If I need to pass this in agent , In the agent configuration I am passing it as environment variable and its not working

System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", 
                   "sandbox; default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';");

It doesn’t make sense to set this on agents as they do not deliver html pages. Those pages are delivered by the controller so you need to set it there.

1 Like