There’s a new resource subdomain setting for this to avoid allowing cross-site
scripting exploits from published stuff on the Jenkins domain. It’s an
admin setting, though.

On Sun, Aug 16, 2020 at 05:25 Sebastian <sna...@apache.org> wrote:

> Hi,
>
> when accessing the Javadocs on the new ci-builds.apache.org the server sends
>
>   Content-Security-Policy: sandbox; default-src 'none'; img-src 'self'; style-src 'self';
>
> which causes the "nightly" docs not to be shown properly in the browser, e.g.
>
> - frames are empty
>
> https://ci-builds.apache.org/job/Nutch/job/Nutch-trunk/javadoc/index.html?overview-tree.html
>
> - or XSLT is not applied
>
> https://ci-builds.apache.org/job/Nutch/job/Nutch-trunk/javadoc/resources/nutch-default.xml
>
> The old builds.apache.org didn't send an X-Content-Security-Policy header and
> the docs are shown appropriately:
>
> https://builds.apache.org/job/nutch-trunk/javadoc/index.html?overview-tree.html
>
> https://builds.apache.org/job/nutch-trunk/javadoc/resources/nutch-default.xml
>
> Is there a reason for the stricter security policy?
>
> If yes, what is the preferred way to publish documentation of nightly builds?
>
> Thanks,
>
> Sebastian
>
> --
Matt Sicker <boa...@gmail.com>
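
The header quoted in the message above can be checked mechanically. The following is an added example, not part of the original thread or of Jenkins: it parses the policy and reports which resource types end up governed by `default-src 'none'`, using the CSP Level 3 fallback chains. The function names are illustrative.

```python
# Added example: explain which resource types a CSP header blocks.
# POLICY is the header value quoted in the thread; everything else is illustrative.
POLICY = "sandbox; default-src 'none'; img-src 'self'; style-src 'self';"

# CSP Level 3 fallback chains, most specific directive first.
# The "xslt" request destination is governed by the script directives.
FALLBACK = {
    "script": ["script-src-elem", "script-src", "default-src"],
    "xslt": ["script-src-elem", "script-src", "default-src"],
    "style": ["style-src-elem", "style-src", "default-src"],
    "image": ["img-src", "default-src"],
    "frame": ["frame-src", "child-src", "default-src"],
}

def parse_csp(header):
    """Return {directive: [values]}; the first occurrence of a directive wins."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def effective_sources(policy, destination):
    """Return (directive, sources) governing a destination, or (None, None)."""
    for directive in FALLBACK[destination]:
        if directive in policy:
            return directive, policy[directive]
    return None, None

def is_blocked(policy, destination):
    """True when the governing source list is empty or 'none'."""
    directive, sources = effective_sources(policy, destination)
    if directive is None:
        return False  # no directive applies, so the load is unrestricted
    return sources == [] or [s.lower() for s in sources] == ["'none'"]

def report(header):
    """Map each destination to blocked/allowed, plus the sandbox script flag."""
    policy = parse_csp(header)
    result = {dest: is_blocked(policy, dest) for dest in FALLBACK}
    # A sandbox directive without allow-scripts disables script execution.
    result["sandbox-disables-scripts"] = (
        "sandbox" in policy and "allow-scripts" not in policy["sandbox"]
    )
    return result

if __name__ == "__main__":
    for name, blocked in report(POLICY).items():
        print(f"{name:26} {'blocked' if blocked else 'allowed'}")
```

For the quoted header, frames and XSLT come out blocked while images and stylesheets from the same origin are allowed, which matches the two symptoms listed in the message.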
