[JENKINS-73955] CSP support for DockerManagementServer
#1107
Conversation
| public String getJsUrl(String jsName) { | ||
| return Consts.PLUGIN_JS_URL + jsName; | ||
| } | ||
|
|
There was a problem hiding this comment.
Dead code, as this is now served through a Stapler adjunct.
|
|
||
| /** | ||
| * The base URL of the plugin javascripts. | ||
| */ | ||
| public static final String PLUGIN_JS_URL = PLUGIN_URL + "js/"; |
There was a problem hiding this comment.
Dead code, as this is now served through a Stapler adjunct.
| function stop(theId) { | ||
| var input = document.getElementById('stopId'); | ||
| if (input != null) { | ||
| input.value = theId; | ||
| } | ||
|
|
||
| var form = document.getElementById('control'); | ||
| form.submit(); | ||
| } |
There was a problem hiding this comment.
This code previously lived in src/main/webapp/js/docker-manage.js and has been moved without alteration. It has been moved here so it can be consumed through a Stapler adjunct.
| document.addEventListener('DOMContentLoaded', () => { | ||
| const stopContainerButtons = document.querySelectorAll('#control .stop-container'); | ||
| stopContainerButtons.forEach((button) => | ||
| button.addEventListener('click', () => { | ||
| stop(button.dataset.id); | ||
| }), | ||
| ); | ||
| }); |
There was a problem hiding this comment.
| @@ -1,9 +1,9 @@ | |||
| <?jelly escape-by-default='true'?> | |||
| <j:jelly xmlns:j="jelly:core" xmlns:l="/lib/layout" xmlns:f="/lib/form" | |||
| <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:l="/lib/layout" xmlns:f="/lib/form" | |||
There was a problem hiding this comment.
So that the <st:> namespace can be used on line 6 below.
| @@ -52,7 +52,7 @@ | |||
| </j:forEach> | |||
| </td> | |||
| <td> | |||
| <input type="button" value="stop" onclick="stop('${res.id}')"></input> | |||
| <input type="button" class="stop-container" value="stop" data-id="${res.id}"></input> | |||
There was a problem hiding this comment.
|
This pull requests arrives with great timing. @krisstern has asked that I create a new release of the docker plugin. I'll check these changes in my instance, merge the pull request, and deliver a new release. |
|
Please watch out for #1103 when cutting that release. |
basil
changed the title
DockerManagementServerDockerManagementServer
Moving an inline event handler to a separate file as per https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers
Testing done
Created a Docker server with a single container and tried stopping it in the UI in restrictive CSP mode before this PR. I got a CSP violation and the attempt failed. After this PR there is no CSP violation logged and the attempt successfully stops the container.