timja / jenkins-gh-issues-poc-06-18


[JENKINS-59784] Unable to view a pdf file from jenkins workspace #4637

Open timja opened 5 years ago

timja commented 5 years ago

Is this also due to restrictive Content-Security-Policy? If yes, do we have a workaround?


Originally reported by hkhan17, imported from: Unable to view a pdf file from jenkins workspace
  • status: Reopened
  • priority: Minor
  • resolution: Unresolved
  • imported: 2022/01/10

timja commented 5 years ago

danielbeck:

Try to provide actual details about what the problem is you're experiencing. "Unable" covers a wide range.

timja commented 5 years ago

hkhan17:

Basically, I cannot open a PDF file in the Chrome browser from the Jenkins workspace. If I try opening it, I get a blank page, as you can see in the attached snapshot.

It works fine if I open it outside the workspace though.

 

Let me know if you need more clarification!

timja commented 5 years ago

hkhan17:

Basically, I cannot open a PDF file in the Chrome browser from the Jenkins workspace. If I try opening the file, I get a blank page, as you can see in the attached snapshot.

It works fine if I open it outside the workspace though.

Let me know if you need more clarification!

timja commented 5 years ago

danielbeck:

If it's a CSP problem, your browser's debug/network console should tell you.

Note that Jenkins 2.200 has an alternative to CSP for user-generated content (that is not simply disabling it).

timja commented 5 years ago

hkhan17:

Thanks Daniel!

I checked the browser's console and it shows the following error:

"Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-C7vpsE1KLI7RuUgCprJTQZin6dWK+ccynbOx+OqjVow='), or a nonce ('nonce-...') is required to enable inline execution."

So it does seem to be a CSP problem. When you said alternative, you meant that we can relax the rule set, right, with the help of this doc - https://wiki.jenkins.io/display/JENKINS/Configuring+Content+Security+Policy

timja commented 5 years ago

danielbeck:

When you said alternative, you meant that we can relax the rule set, right, with the help of this doc

No, but if you actually read today's version of that wiki page, it'll point out the alternative.
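
The console error quoted in this thread can be reproduced offline from the response header alone. The following is an added example, not part of the thread and not Jenkins code: it parses a `Content-Security-Policy` value and reports whether an inline `<style>` element would be applied. The function names and the full header string are assumptions made for illustration; only the `style-src 'self'` directive comes from the thread.

```javascript
// Added example; the policies passed in are constructed test values.
// Parse a Content-Security-Policy header value into directive -> source list.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored: the first occurrence wins.
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// Would an inline <style> element be applied under this policy?
// hash:  the 'sha256-...' value the browser prints in its console error
// nonce: the element's nonce attribute, if it has one
function checkInlineStyle(header, { hash = null, nonce = null } = {}) {
  const policy = parseCsp(header);
  // style-src governs styles; default-src is the fallback when it is absent.
  const name = ['style-src', 'default-src'].find((d) => policy.has(d));
  if (!name) return { allowed: true, reason: 'no style-src or default-src' };
  const sources = policy.get(name);
  if (hash && sources.includes(`'${hash}'`)) {
    return { allowed: true, reason: `${name} lists the style's hash` };
  }
  if (nonce && sources.includes(`'nonce-${nonce}'`)) {
    return { allowed: true, reason: `${name} lists the element's nonce` };
  }
  const keywords = sources.map((s) => s.toLowerCase());
  // Browsers ignore 'unsafe-inline' once any hash or nonce source is listed.
  const strict = keywords.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
  if (keywords.includes("'unsafe-inline'") && !strict) {
    return { allowed: true, reason: `${name} contains 'unsafe-inline'` };
  }
  return { allowed: false, reason: `blocked by "${name} ${sources.join(' ')}"` };
}

// The directive from the console error above, inside a constructed header.
const result = checkInlineStyle("default-src 'none'; img-src 'self'; style-src 'self'");
console.log(result.allowed, result.reason);
```

The check covers `<style>` elements only; inline `style="..."` attributes follow additional rules that it does not model.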