「Jenkins」- Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.

更新日期:2021年01月11日

问题描述

在 Jenkins 中,当访问测试报告时,页面无法正常显示(页面没有显示内容)。浏览器控制台显示如下错误消息:

...
Refused to frame 'https://jenkins.example.com/' because it violates the following 
Content Security Policy directive: "default-src 'none'". Note that 'frame-src' was 
not explicitly set, so 'default-src' is used as a fallback.

Blocked script execution in '<URL>' because the document's frame is sandboxed and 
the 'allow-scripts' permission is not set.
...

软件版本:Jenkins 2.274 in Docker

解决方案

方案一、放宽规则(不推荐)

在 Script Console 中,执行 System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "") 脚本,以此来解决问题。

但是该方法放宽规则,官方并不鼓励该做法。并且我们使用该方法也没有生效,可能在新版本 Jenkins 中被废弃。

方案二、Resource Root URL(推荐)

官方推荐的方法:
1)为 Jenkins 服务再绑定新域名(当然要配置 Nginx 指向 Jenkins 服务);
2)并在 Manage Jenkins / Configure System / .. / Resource Root URL 中填写带地址;

参考文献

Configuring Content Security Policy
javascript - Jenkins error - Blocked script execution in <URL>. because the document's frame is sandboxed and the 'allow-scripts' permission is not set - Stack Overflow
html - because the document's frame is sandboxed and the 'allow-scripts' permission is not set - Stack Overflow
javascript - Blocked script execution in because the document's frame is sandboxed - Angular application - Stack Overflow


ToC

问题描述

解决方案

方案一、放宽规则(不推荐)

方案二、Resource Root URL(推荐)

参考文献