Jenkins HTML Publisher 插件:没有与 Jenkins 1.643 的外部链接 [英] Jenkins HTML Publisher Plugin: No external links with Jenkins 1.643
问题描述
我有一份 Jenkins 工作,我在其中生成一个 HTML 页面作为后期构建步骤,其中包含一个图像链接(HTML img 标签).此 HTML 页面由 HTMLPublisher 插件为每个作业发布.
I have a Jenkins job, where I generate an HTML-Page as a post buildstep, containing an image link ( HTML img tag). This HTML page is published by the HTMLPublisher Plugin for each job.
这一直很有效.但由于我已将 Jenkins 更新为 v. 1.643,因此当我单击已发布的 HTML 页面时,我只会看到一个空白页面.
This has always worked great. But since I have updated Jenkins to v. 1.643, I only see a blank page when I click the published HTML page.
我尝试了很多东西,发现了以下奇怪的行为:自更新以来,我无法将外部链接嵌入到我发布的 HTML 页面中.如果我从外部位置嵌入图像 (img src="somelocation/xxx.jpg),图像将不会显示.
I've tried out a lot of things and found out the following strange behaviour: Since the update, I cannot embed external links into the HTML-pages I publish. If I embed an image from an external location (img src="somelocation/xxx.jpg), the image won't be displayed.
如果我使用 Firefox 检查 HTML 页面,我可以看到图像标记变灰,就像不可见一样,但事实并非如此.
If I examine the HTML page with Firefox, I can see that the image tag is greyed out like it was invisible, but it is not.
如果我嵌入一个普通的超链接,指向外部位置,我可以在显示的页面中看到该链接,但是当我点击它时,什么也没有发生.
If I embed a normal hyperlink, pointing to an external location, I can see the link in the displayed page, but when I click on it, nothing happens.
就像 Jenkins 不允许在这种情况下使用外部链接一样.
It is like Jenkins would not permit external links in this context.
请帮帮我:)
谢谢!
感谢 Dave Bacher,他给了我正确的提示.查看此页面以了解 Jenkins 的新安全策略.
Thanks to Dave Bacher, he gave me the right hint. Look at this page to see Jenkins' new security policy.
您必须放宽规则,以便再次允许嵌入外部图像.
You have to relax the rules, so that embedding external images is allowed again.
要测试它,只需在脚本控制台中键入以下内容:
For testing it, just type the following in your script console:
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "sandbox; img-src *;")
这将允许嵌入来自任何外部网站的图像.
This will allow embedding images from any external website.
如果你在 Ubuntu 上运行 Jenkins 并且你想永久设置它,只需编辑文件/etc/default/jenkins.conf .在 # arguments to pass to java 下添加以下行:
If you run Jenkins on Ubuntu and you want to set this permanently, just edit the file /etc/default/jenkins. Under # arguments to pass to java add the following line:
JAVA_ARGS="-Dhudson.model.DirectoryBrowserSupport.CSP="sandbox; img-src *;""
推荐答案
您看到的问题可能与最近的 安全修复.有关详细信息,请参阅配置内容安全策略维基页面如何放松 Jenkins 配置.
The issue you're seeing is likely related to recent security fixes. See the Configuring Content Security Policy wiki page for details on how to relax the Jenkins configuration.
Jenkins发送的CSP头可以通过设置系统属性hudson.model.DirectoryBrowserSupport.CSP来修改:
The CSP header sent by Jenkins can be modified by setting the system property hudson.model.DirectoryBrowserSupport.CSP:
如果它的值为空字符串,例如java -Dhudson.model.DirectoryBrowserSupport.CSP= -jar jenkins.war 那么头就不会被发送.
If its value is the empty string, e.g. java -Dhudson.model.DirectoryBrowserSupport.CSP= -jar jenkins.war then the header will not be sent at all.
(警告!)这可能非常不安全,只有在检查整体安全设置后才能使用.
(Warning!) This is potentially very unsafe and should only be used after reviewing the overall security setup.
您可以使用 Jenkins 脚本控制台.
另外,如维基页面所述,请确保您已升级到 HTML Publisher 1.10(或更高版本).
Also as the wiki page notes, make sure you've upgraded to HTML Publisher 1.10 (or later).
这篇关于Jenkins HTML Publisher 插件:没有与 Jenkins 1.643 的外部链接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
