Content Security Policy

Warning
Jenkins is currently (version 2.390) not ready for this plugin to be used to enforce Content-Security-Policy for most resources in production environments. Many features, both in core and plugins, will stop working with the default rule set. At this time, this plugin is a utility for Jenkins developers, not for Jenkins administrators.

Introduction

This plugin implements Content-Security-Policy protection for the classic Jenkins UI.

Getting started

Install this plugin to have basic reporting of Content-Security-Policy violations in Jenkins: A new link Content Security Policy Reports on the Manage Jenkins page allows administrators to review reported policy violations.

Rules can be configured on the Configure Global Security configuration screen.

Issues

Report issues and enhancements in the Jenkins issue tracker.

Contributing

Refer to our contribution guidelines.

LICENSE

Licensed under MIT, see LICENSE.