Jenkins Content Security Policy

Question

I\'m confused about Jenkins Content Security Policy.

I know these sites:

• Configuring Content Security Policy
• Content Security Policy Reference

Answer 1

While experimenting, I recommend using the Script Console to adjust the CSP parameter dynamically as described on the Configuring Content Security Policy page. (There's another note in the Jenkins wiki page that indicates you may need to Force Reload the page to see the new settings.)

In order to use both inline styles and local stylesheets, you need to add both self and unsafe-inline:

System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "default-src 'self'; style-src 'self' 'unsafe-inline';")

Depending on how the progressbar is manipulated, you may need to adjust 'script-src' in the same way as well.

Once you find a setting that works, you can adjust the Jenkins startup script to add the CSP parameter definition.