Currently, the Gradle generated dependency-check-report.html holds inline-styles and scripts.
This is blocked by CSP if you serve the file by a server, like via Jenkins publishHTML.
The only way to get the page working currently is to lower CSP by
style-src 'self' 'unsafe-inline' and for script-src (this is strongly discouraged)
Better is to externalize the styles, scripts and images into separate files and reference in dependency-check-report.html
Only possible way is to download the report html to get it working.
robertoschwald changed the title from "Do not use inline-styles in dependency-check-report.html due to CSP" to "Do not use inline styles in dependency-check-report.html due to CSP" on Apr 11, 2024
robertoschwald changed the title from "Do not use inline styles in dependency-check-report.html due to CSP" to "Do not use inline styles, scripts and image in dependency-check-report.html due to CSP" on Apr 11, 2024
For your purpose I think it would suffice to switch your setup to use the report type JENKINS instead of report type HTML, which was added in response to #5039
Unfortunately, not really. The inline-styles are still blocked by CSP. Cleanest solution would be to split JS and CSS into separate files in JENKINS type report, so we can publish them with the html page.
The purpose of having it all bundled is to have a single file that is completely contained so that it can easily be viewed offline. Regarding the JENKINS report - we accept PRs.
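To see which parts of a report file a CSP would block when the file is served (for example, to verify a report after its styles and scripts have been split out), the following added example lists them per directive. It is not code from the dependency-check project; it assumes a policy without 'unsafe-inline' whose img-src does not allow data: URLs, and the names `InlineAudit`, `audit` and `SAMPLE` are hypothetical.

```python
from html.parser import HTMLParser

# Script types a browser executes; other <script type=...> are data blocks CSP ignores.
EXECUTABLE = {"", "module", "text/javascript", "application/javascript"}

class InlineAudit(HTMLParser):
    """Records what a CSP without 'unsafe-inline' (and without data: images) blocks."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line, CSP directive, description)

    def _add(self, directive, what):
        self.findings.append((self.getpos()[0], directive, what))

    def handle_starttag(self, tag, attrs):
        attrs = {name: (value or "").strip() for name, value in attrs}
        if tag == "style":
            self._add("style-src", "<style> block")
        if tag == "script" and "src" not in attrs and attrs.get("type", "").lower() in EXECUTABLE:
            self._add("script-src", "inline <script>")
        if tag == "img" and attrs.get("src", "").lower().startswith("data:"):
            self._add("img-src", "data: image")
        for name, value in attrs.items():
            if name == "style":
                self._add("style-src", f"style attribute on <{tag}>")
            elif name.startswith("on"):
                self._add("script-src", f"{name} handler on <{tag}>")
            elif name in ("href", "src") and value.lower().startswith("javascript:"):
                self._add("script-src", f"javascript: URL on <{tag}>")

def audit(html):
    """Return all findings for one HTML document, in document order."""
    parser = InlineAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample, not taken from a real dependency-check report.
SAMPLE = """<html><head>
<style>.sev-high { color: red; }</style>
<script src="report.js"></script>
<script>function toggle(id) {}</script>
</head><body>
<h1 style="margin:0">Report</h1>
<a href="#" onclick="toggle('d1')">details</a>
<img src="data:image/png;base64,AAAA" alt="logo">
<img src="logo.png" alt="logo">
</body></html>"""

if __name__ == "__main__":
    for line, directive, what in audit(SAMPLE):
        print(f"line {line}: {directive} blocks {what}")
```

An empty result means the file needs no 'unsafe-inline' exception for the constructs checked here; externally referenced files must still be published next to the HTML page.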