Jenkins HTML Publisher插件:Jenkins 1.643没有外部链接 [英] Jenkins HTML Publisher Plugin: No external links with Jenkins 1.643

问题描述

我有一个詹金斯(Jenkins)工作，我在其中生成一个HTML页面作为构建后的步骤，其中包含图像链接(HTML img标签).该HTML页面由HTMLPublisher插件针对每个作业发布.

I have a Jenkins job, where I generate an HTML-Page as a post buildstep, containing an image link ( HTML img tag). This HTML page is published by the HTMLPublisher Plugin for each job.

这一直很好.但是由于我已经将Jenkins更新为1.643版，所以当我单击发布的HTML页面时，只会看到空白页面.

This has always worked great. But since I have updated Jenkins to v. 1.643, I only see a blank page when I click the published HTML page.

我尝试了很多事情，发现了以下奇怪的行为: 自更新以来，我无法将外部链接嵌入到发布的HTML页面中. 如果我从外部位置嵌入图像(img src ="somelocation/xxx.jpg)，则不会显示该图像.

I've tried out a lot of things and found out the following strange behaviour: Since the update, I cannot embed external links into the HTML-pages I publish. If I embed an image from an external location (img src="somelocation/xxx.jpg), the image won't be displayed.

如果我使用Firefox检查HTML页面，则可以看到图像标签显示为灰色，就像它是不可见的一样，但不是.

If I examine the HTML page with Firefox, I can see that the image tag is greyed out like it was invisible, but it is not.

如果我嵌入一个指向外部位置的普通超链接，则可以在显示的页面中看到该链接，但是当我单击它时，什么也没有发生.

If I embed a normal hyperlink, pointing to an external location, I can see the link in the displayed page, but when I click on it, nothing happens.

就像詹金斯在这种情况下不允许外部链接一样.

It is like Jenkins would not permit external links in this context.

请在这里帮助我:)

谢谢！

多亏了Dave Bacher，他给了我正确的提示. 查看此页面以查看Jenkins的新安全策略.

Thanks to Dave Bacher, he gave me the right hint. Look at this page to see Jenkins' new security policy.

https://wiki.jenkins- ci.org/display/JENKINS/Configuring+Content+Security+Policy#ConfiguringContentSecurityPolicy-Implementation

您必须放宽规则，以便再次允许嵌入外部图像.

You have to relax the rules, so that embedding external images is allowed again.

要进行测试，只需在脚本控制台中键入以下内容:

For testing it, just type the following in your script console:

System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "sandbox; img-src *;")

这将允许嵌入来自任何外部网站的图像.

This will allow embedding images from any external website.

如果您在Ubuntu上运行Jenkins，并且想要永久设置它，只需编辑文件/etc/default/jenkins.在要传递给Java的#个参数下，添加以下行:

If you run Jenkins on Ubuntu and you want to set this permanently, just edit the file /etc/default/jenkins. Under # arguments to pass to java add the following line:

JAVA_ARGS="-Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox; img-src *;\""

推荐答案

您看到的问题可能与最近的配置内容安全策略Wiki页面.如何放松詹金斯的配置.

The issue you're seeing is likely related to recent security fixes. See the Configuring Content Security Policy wiki page for details on how to relax the Jenkins configuration.

可以通过设置系统属性 hudson.model.DirectoryBrowserSupport.CSP 来修改Jenkins发送的CSP标头:

The CSP header sent by Jenkins can be modified by setting the system property hudson.model.DirectoryBrowserSupport.CSP:

如果其值为空字符串，例如java -Dhudson.model.DirectoryBrowserSupport.CSP= -jar jenkins.war，则将完全不发送标头.

If its value is the empty string, e.g. java -Dhudson.model.DirectoryBrowserSupport.CSP= -jar jenkins.war then the header will not be sent at all.

(警告！)这可能非常不安全，只有在检查了总体安全设置后才能使用.

(Warning!) This is potentially very unsafe and should only be used after reviewing the overall security setup.

您可以使用 Jenkins脚本控制台.

此外，如Wiki页面所述，请确保已升级到HTML Publisher 1.10(或更高版本).

Also as the wiki page notes, make sure you've upgraded to HTML Publisher 1.10 (or later).

这篇关于Jenkins HTML Publisher插件:Jenkins 1.643没有外部链接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！