Hi everyone,

Since Jenkins 2.539, Content Security Policy support is a core feature that admins can opt in to[1]. It helps protect from cross-site scripting vulnerabilities on the Jenkins UI. This is different from similar protection in DirectoryBrowserSupport (usually serving user content) that has existed for many years.

While the vast majority of plugins are compatible with these new restrictions, many are not yet. With the first LTS release with this feature coming soon, now would be a good time to check the list[2] of known incompatible plugins to see whether any of yours still need some work.

The most common problems and their solutions are documented[3]. Most problems do not require a Jenkins core dependency update to fix either. There might also be an open PR waiting for you already.

If you have questions or need help, feel free to ping me directly on GH or in Jira, or send a message in Gitter (directly or in jenkinsci/csp).

Daniel

1: https://www.jenkins.io/doc/book/security/csp/
2: https://github.com/daniel-beck/csp-compatibility (temporary location)
3: https://www.jenkins.io/doc/developer/security/csp/

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To view this discussion visit https://groups.google.com/d/msgid/jenkinsci-dev/B512E976-0642-44B5-A81A-A8B0697DA955%40beckweb.net.
