How to set/relax the Jenkins Security rules

Hi there,

I installed a plugin from Allure reports in order to get a report with the test results. The problem comes when setting the Content Security Policy for plugin pages. I am not able to find the Jenkins file.

I need to add these two lines:

"-Dhudson.model.DirectoryBrowserSupport.CSP=default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';"
"-Djenkins.model.DirectoryBrowserSupport.CSP=default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';"

The default path is /etc/default/jenkins but Jenkins is installed in Google Cloud and this path doesn’t exist.

Thanks in advance

Hi @araquefran

You can add your rules in /opt/bitnami/apps/jenkins/jenkins_home/config.xml

I hope it helps. Please feel free to post here if you have any other questions!

Regards,
Fran

Hi @fortiz
Thank you so much for your quick answer. I’m not sure if I am doing well.

I am adding these two lines into the :
hudson.model.DirectoryBrowserSupport.CSP=default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
jenkins.model.DirectoryBrowserSupport.CSP=default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';

But this is not working as expected when restarting Jenkins.

Am I adding the rules in the right way?

Thank you so much

Hi @araquefran

Could you please share with us your config.xml file? You can post here just the part where you included those lines.

Regards,
Fran

Hi there,

I would very much like a follow-up to this. What XML tags specifically would we put our content security commands under?

My preferred configuration is:

System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "sandbox allow-scripts; default-src 'unsafe-inline'; img-src * data:; script-src 'self' 'unsafe-inline'; default-src 'self';")

Thank you!

Hi @luther

As the parent thread in this discussion is quite old and to avoid mixing information, could you please open a new thread with your request? We will be happy to help you there. Thank you.

Vikram
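
Added example, not part of the original thread and not Jenkins or plugin code: a small Python audit of the two Content-Security-Policy values posted above, showing what each relaxation actually permits once the browser parses it. The names parse_csp, audit, POLICY_A and POLICY_B are made up for this example, and the risky-source list is a deliberately small subset.

```python
# Added example (not Jenkins or plugin code): audit a CSP string before deploying it.
RISKY = {"'unsafe-inline'", "'unsafe-eval'", "*", "data:"}
FETCH = ("script-src", "style-src", "img-src")  # fall back to default-src when absent

def parse_csp(policy):
    """Split a policy into {directive: [values]} plus a list of ignored duplicates.
    Browsers keep the first occurrence of a directive and ignore later ones."""
    directives, duplicates = {}, []
    for part in policy.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name in directives:
            duplicates.append(name)
        else:
            directives[name] = [t.lower() for t in tokens[1:]]
    return directives, duplicates

def audit(policy):
    """Return (directive, issue) findings for the effective policy."""
    directives, duplicates = parse_csp(policy)
    findings = [(name, "duplicate ignored") for name in duplicates]
    for name in FETCH:
        effective = directives.get(name, directives.get("default-src"))
        if effective is None:
            findings.append((name, "unrestricted"))
            continue
        for src in effective:
            # Curly quotes pasted from a web page are not valid CSP keywords.
            if "\u2018" in src or "\u2019" in src:
                findings.append((name, "typographic quote: " + src))
            elif src in RISKY:
                findings.append((name, src))
    if "sandbox" not in directives:
        findings.append(("sandbox", "absent"))
    return findings

# The two policies posted in this thread, typed with ASCII quotes.
POLICY_A = ("default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; "
            "style-src 'self' 'unsafe-inline';")
POLICY_B = ("sandbox allow-scripts; default-src 'unsafe-inline'; img-src * data:; "
            "script-src 'self' 'unsafe-inline'; default-src 'self';")

if __name__ == "__main__":
    for label, policy in (("A", POLICY_A), ("B", POLICY_B)):
        print(label, audit(policy))
```

For the second policy the trailing default-src 'self' is dropped as a duplicate, so style-src inherits only 'unsafe-inline' from the first default-src.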