How to permanently set Content Security Policy in Jenkins

Keywords: Jenkins - AWS - Technical issue - Permissions

I would like to permanently change the Bitnami Jenkins CSP in order to allow a certain HTML plugin to display its report.

I have tried setting both JAVA_OPTIONS and JENKINS_JAVA_OPTIONS in /opt/bitnami/apache-tomcat/scripts/ to

“-Dhudson.model.DirectoryBrowserSupport.CSP”, “sandbox allow-scripts; default-src ‘unsafe-inline’; img-src * data:; script-src ‘self’ ‘unsafe-inline’; default-src ‘self’;“

But have had no success. Based on a pervious post, it sounded like there might be a way to achieve this by editing /opt/bitnami/apps/jenkins/jenkins_home/config.xml, but I do not know the proper syntax.

This Jenkins instance is running on AWS EC2.

Any help would be much appreciated. Thanks!

Hi @luther,

As you are trying to edit the Jenkins’ configuration, we suggest you contact the Jenkins developers to know more about this. Please note that Bitnami packages and configures already existing applications. However, we can only offer support and help on basic and most frequent application configurations. Always based on the default configuration or on our guides.

Do not hesitate to contact us if you have any other questions regarding our solution :slight_smile:


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.