Jenkins error - Blocked script execution in <URL>. because the document's frame is sandboxed and the 'allow-scripts' permission is not set Jenkins error - Blocked script execution in <URL>. because the document's frame is sandboxed and the 'allow-scripts' permission is not set google-chrome google-chrome

Jenkins error - Blocked script execution in <URL>. because the document's frame is sandboxed and the 'allow-scripts' permission is not set


javascript angularjs google-chrome jenkins

We were using this content HTML in a Jenkins userContent directory. We recently upgraded to the latest Jenkins 1.625 LTS version & it seems they've introduced new Content security policy which adds the below header to the response headers & the browsers simply decline to execute anything like stylesheets / Javascripts.

X-Content-Security-Policy: sandbox; default-src 'none'; img-src 'self'; style-src 'self';

To get over it, we had to simply remove this header by resetting the below property in Jenkins.

System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "")

Those who upgrade to Jenkins 1.625 & use the userContent folder might be affected by this change.

For more information refer https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy

javascript angularjs google-chrome jenkins

You need to follow below steps for solution :

  1. Open the Jenkin home page.
  2. Go to Manage Jenkins.
  3. Now go to Script Console.
  4. And in that console paste below statement and click on Run.System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "")
  5. After that it will load css and js.

Note : After following the above steps if still it is not loading css and js then clear the browser cache and cookie and refresh the page.

javascript angularjs google-chrome jenkins

I had the same issue with HTML Publisher Plugin.

According to Jenkins new Content Security Policy, you can bypass it by setting:

hudson.model.DirectoryBrowserSupport.CSP=script-src 'unsafe-inline';

UPDATE:For some reason on Jenkins 2.x, I had to update arguments again, with an empty CSP value, instead of script-src 'unsafe-inline, in order to fully display external HTML pages:

-Dhudson.model.DirectoryBrowserSupport.CSP=

On Windows there's a jenkins.xml in Jenkins home directory, where you can set global JVM options, such as Jenkins system properties. Simply add it under arguments tag:

<arguments> -Xrs -Xmx256m -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle "-Dhudson.model.DirectoryBrowserSupport.CSP= " -jar "%BASE%\jenkins.war" --httpPort=8080 </arguments>

For most of the Linux distributions, you can modify JENKINS_ARGS inside file:

/etc/default/jenkins (or jenkins-oc)

For CentOS, modify JENKINS_JAVA_OPTIONS inside file:

/etc/sysconfig/jenkins (or jenkins-oc)

See more examples in the Content Security Policy Reference:http://content-security-policy.com/

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last