Jenkins error - Blocked script execution in <URL>. because the document's frame is sandboxed and the 'allow-scripts' permission is not set
We were using this content HTML in a Jenkins userContent directory. We recently upgraded to the latest Jenkins 1.625 LTS version & it seems they've introduced new Content security policy which adds the below header to the response headers & the browsers simply decline to execute anything like stylesheets / Javascripts.
X-Content-Security-Policy: sandbox; default-src 'none'; img-src 'self'; style-src 'self';
To get over it, we had to simply remove this header by resetting the below property in Jenkins.
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "")
Those who upgrade to Jenkins 1.625 & use the userContent folder might be affected by this change.
For more information refer https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy
I had the same issue with HTML Publisher Plugin.
According to Jenkins new Content Security Policy, you can bypass it by setting:
hudson.model.DirectoryBrowserSupport.CSP=script-src 'unsafe-inline';
UPDATE:
For some reason on Jenkins 2.x, I had to update arguments again, with an empty CSP value, instead of script-src 'unsafe-inline, in order to fully display external HTML pages:
-Dhudson.model.DirectoryBrowserSupport.CSP=
On Windows there's a jenkins.xml in Jenkins home directory, where you can set global JVM options, such as Jenkins system properties. Simply add it under arguments tag:
<arguments>
-Xrs -Xmx256m
-Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle
"-Dhudson.model.DirectoryBrowserSupport.CSP= "
-jar "%BASE%\jenkins.war" --httpPort=8080
</arguments>
For most of the Linux distributions, you can modify JENKINS_ARGS inside file:
/etc/default/jenkins (or jenkins-oc)
For CentOS, modify JENKINS_JAVA_OPTIONS inside file:
/etc/sysconfig/jenkins (or jenkins-oc)
See more examples in the Content Security Policy Reference: http://content-security-policy.com/
You need to follow below steps for solution :
- Open the Jenkin home page.
- Go to Manage Jenkins.
- Now go to Script Console.
- And in that console paste below statement and click on Run. System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "")
- After that it will load css and js.
Note : After following the above steps if still it is not loading css and js then clear the browser cache and cookie and refresh the page.