Timeline report not rendering in Jenkins HTML report without loosening CSP even more


Scenario

  1. Run Karate tests in Jenkins.
  2. In the Jenkins build, save the Karate report in Jenkins using the HTML publisher plugin, i.e. have something like this in the Jenkinsfile:

     publishHTML (target : [allowMissing: false,
         alwaysLinkToLastBuild: true,
         keepAll: true,
         reportDir: 'target/karate-reports',
         reportFiles: '*.html',
         reportName: 'Karate Report',
         reportTitles: 'Karate Report'])

  3. Look at the timeline report in Jenkins

Expected

Timeline report is displayed correctly

Actual

A mostly blank page is displayed.

Further info/discussion

What’s happening is that Jenkins sends a content security policy header. We’ve actually previously loosened this to show the HTML reports, by setting the CSP header to default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' data:;.

However, I’ve noticed that this isn’t working for karate-timeline.html, as that references vis.min.js & vis.min.css from a CDN: https://github.com/karatelabs/karate/blob/5050e3010a47aa9c4db308440c777f2c9aa5ad63/karate-core/src/main/java/com/intuit/karate/report/karate-timeline.html#L11-L12

Contrast this to karate-feature.html, which does this https://github.com/karatelabs/karate/blob/5050e3010a47aa9c4db308440c777f2c9aa5ad63/karate-core/src/main/java/com/intuit/karate/report/karate-feature.html#L9-L11

We could loosen our CSP even more to allow stuff from https://cdnjs.cloudflare.com, but I think it would make more sense to not fetch the vis dependency from a CDN in the first place, and to add it to this repo like is done for other deps like jquery & bootstrap. Was there a reason why this wasn’t done at the time, or couldn’t be done?

Thanks in advance, Ismail
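
The blocking described in this issue can be reproduced offline with a small checker. This is an added example, not part of the original issue or the Karate code base: the policy string is the one quoted above, while the Jenkins URL, the HTML snippets and their paths are constructed placeholders, and the matching is a simplified subset of CSP (no wildcards, ports or paths).

```javascript
// Added example: simplified CSP source matching, not a full CSP implementation.
const POLICY = "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' data:;";
const PAGE_URL = "https://jenkins.example/job/demo/Karate_20Report/"; // assumed placeholder

// Constructed sample markup; paths are illustrative, not copied from the Karate templates.
const TIMELINE_HTML = `
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/vis/X.Y.Z/vis.min.css">
<script src="https://cdnjs.cloudflare.com/ajax/libs/vis/X.Y.Z/vis.min.js"></script>`;
const FEATURE_HTML = `
<link rel="stylesheet" href="res/bootstrap.min.css">
<script src="res/jquery.min.js"></script>`;

// Split a CSP header into { directive: [source, ...] }.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) policy[name.toLowerCase()] = sources;
  }
  return policy;
}

// Does one source expression permit loading this absolute URL?
function sourceAllows(source, url) {
  if (source === "'self'") return url.origin === new URL(PAGE_URL).origin;
  if (source.startsWith("'")) return false; // 'unsafe-inline' etc. never match a URL
  if (source.endsWith(":")) return url.protocol === source; // scheme source such as data:
  try {
    return new URL(source.includes("://") ? source : "https://" + source).origin === url.origin;
  } catch { return false; }
}

// List the external scripts and stylesheets the policy would refuse to load.
function blockedResources(html, header) {
  const policy = parseCsp(header);
  const blocked = [];
  const re = /<(script|link)\b[^>]*?\b(?:src|href)="([^"]+)"/gi;
  for (const [, tag, ref] of html.matchAll(re)) {
    // <link> is assumed to be rel="stylesheet" in this sketch.
    const directive = tag.toLowerCase() === "script" ? "script-src" : "style-src";
    const sources = policy[directive] ?? policy["default-src"] ?? null; // fallback chain
    const url = new URL(ref, PAGE_URL); // resolves relative report paths against Jenkins
    if (sources && !sources.some((s) => sourceAllows(s, url))) blocked.push(`${directive} ${url.href}`);
  }
  return blocked;
}

console.log("timeline:", blockedResources(TIMELINE_HTML, POLICY));
console.log("feature: ", blockedResources(FEATURE_HTML, POLICY));
```

Because neither `script-src` nor `style-src` is set, both fall back to `default-src`, so the CDN-hosted files are refused while the report's bundled relative files pass under `'self'`.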

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 6 (6 by maintainers)

Top GitHub Comments

1 reaction
ismail-s commented, Jan 26, 2022

@ptrthomas Thanks. I’ve given it a try and the timeline report is now rendering correctly.

1 reaction
ptrthomas commented, Jan 18, 2022

@ismail-s thank you for the PR. I’ll keep this open and close it when we release 1.2.0 final (process we follow)
