
Jenkins - HTML Publisher Plugin - No CSS is displayed when report is viewed in Jenkins Server

by Alex Kataev · Oct 3, 2024
TLDR

Quickly restore the CSS in your Jenkins HTML reports by adjusting the Content Security Policy (CSP). Use Jenkins' script console to execute:

System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "style-src 'self' 'unsafe-inline';")

This change gives the green light to inline styles and CSS from your own domain, bringing back colors, aesthetics, and sanity while still keeping a CSP in place.

Exploring Jenkins CSP and the CSS dilemma

Unravel the CSP issue

Jenkins' default approach to CSP is akin to a strict parent: it blocks anything vaguely suspicious, such as JavaScript, CSS, images, and the like, to curtail possible threats.

CSP's impact on Jenkins Reports

A direct fallout of this policy is the stripping of CSS and JavaScript from Jenkins' HTML reports, leaving your reports unstyled, simple, and basically drab.

Implementing the CSP solution

Apply the fix right in the Script Console in Jenkins:

  • Go to Manage Jenkins
  • Enter Script Console
  • Paste and execute the script provided in the TLDR section. Voila!
  • IntelliJ IDEA users might feel at home with the no-restart-needed feature.

Prioritize Security

Don't go full steam! Setting CSP to a blank string does allow all types of content, but it's like leaving your house doors unlocked. Use specific directives and source values such as 'self', 'unsafe-inline', and 'unsafe-eval' for a balanced CSP approach.
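A way to check a candidate value before it goes into the Script Console, as an added example that is not part of the original article: it parses the value and lists every fetch directive the browser would leave unrestricted. The function names and the STYLE_ONLY baseline directives are assumptions made for illustration.

```python
# Added example: audit a candidate hudson.model.DirectoryBrowserSupport.CSP value.
# Fetch directives that fall back directly to default-src when they are absent.
FETCH = ("script-src", "style-src", "img-src", "font-src",
         "connect-src", "media-src", "object-src")
RISKY = ("'unsafe-inline'", "'unsafe-eval'", "*")


def parse_csp(policy):
    """Split 'name src src; name src' into {name: [sources]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            # CSP ignores a directive name that repeats; the first one wins.
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def effective(directives, name):
    """Source list enforced for a fetch directive; None means unrestricted."""
    return directives.get(name, directives.get("default-src"))


def audit(policy):
    """Return findings for a CSP value; an empty list means nothing was flagged."""
    d = parse_csp(policy)
    findings = []
    if "sandbox" not in d:
        findings.append("sandbox: absent")
    for name in FETCH:
        sources = effective(d, name)
        if sources is None:
            findings.append(f"{name}: unrestricted")
            continue
        for token in RISKY:
            if token in sources:
                findings.append(f"{name}: allows {token}")
    return findings


# Constructed sample values: the article's TLDR value, a blank value, and a
# value that relaxes only style-src (its other directives are an assumed baseline).
TLDR = "style-src 'self' 'unsafe-inline';"
EMPTY = ""
STYLE_ONLY = "sandbox; default-src 'none'; img-src 'self'; style-src 'self' 'unsafe-inline';"

if __name__ == "__main__":
    for label, value in (("tldr", TLDR), ("empty", EMPTY), ("style-only", STYLE_ONLY)):
        print(label, audit(value) or "nothing flagged")
```

For the TLDR value the audit reports script-src and every other unlisted fetch directive as unrestricted, because that value carries no default-src; the STYLE_ONLY value is flagged only for the inline styles it deliberately allows.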

Mastering Complex Scenarios

Automating the CSP Fix

Integrate a Groovy script within your build pipeline or at Jenkins startup, so the CSP is adjusted every time, eliminating “Did I remember to…?” moments.

Leveraging the Startup Trigger Plugin

If automation is your bestie, recruit the Startup Trigger Plugin to apply your CSP configuration every time Jenkins starts. It's like having coffee ready when you wake up!

Tackling Reports in Varied Environments

In specific setups, such as Serenity BDD or Jenkins running on CentOS, resource loading may stumble because of SELinux policies. Cross-verify that your system's security policies align with your Jenkins instance.

Monitoring Post Changes

After tweaking the CSP, play big brother: monitor Jenkins and the HTML Publisher Plugin, and confirm that nothing broke and the reports render fine.

Validating Reports

Finally, download and peep into your reports to confirm the Darth Vader of unstyled content hasn't returned, so that they stay visually appealing and easy to analyze.