Jenkins error - Blocked script execution in . because the document's frame is sandboxed and the 'allow-scripts' permission is not set

Question

I\'m aware that if we use a iFrame in HTML we\'ve to sandbox it & add the \'allow-scripts\' permission to be true.

But my problem is I don\'t have a iFrame at all

Answer 1

We were using this content HTML in a Jenkins userContent directory. We recently upgraded to the latest Jenkins 1.625 LTS version & it seems they've introduced new Content security policy which adds the below header to the response headers & the browsers simply decline to execute anything like stylesheets / Javascripts.

X-Content-Security-Policy: sandbox; default-src 'none'; img-src 'self'; style-src 'self';

To get over it, we had to simply remove this header by resetting the below property in Jenkins.

System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "")

Those who upgrade to Jenkins 1.625 & use the userContent folder might be affected by this change.

For more information refer https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy