Jenkins HTML Publisher Plugin: No external links with Jenkins 1.643

The issue you're seeing is likely related to recent security fixes. See the Configuring Content Security Policy wiki page for details on how to relax the Jenkins configuration.

The CSP header sent by Jenkins can be modified by setting the system property hudson.model.DirectoryBrowserSupport.CSP:

If its value is the empty string, e.g. java -Dhudson.model.DirectoryBrowserSupport.CSP= -jar jenkins.war, then the header will not be sent at all.

(Warning!) This is potentially very unsafe and should only be used after reviewing the overall security setup.

You can experiment with different settings using the Jenkins Script Console.

Also, as the wiki page notes, make sure you've upgraded to HTML Publisher 1.10 (or later).


I know the original question was for Linux, but this will also help out the Windows users... If you have Jenkins installed as a service (starting from Jenkins.exe) you will need to change the arguments in jenkins.xml for that property to persist.

If you are going to use the unsafe blank option, remember to put the parameter in quotes. Below is my example line from jenkins.xml:

<arguments>-Xrs -Xmx1048m -XX:MaxPermSize=512m -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle "-Dhudson.model.DirectoryBrowserSupport.CSP= " -jar "%BASE%\jenkins.war" --httpPort=8080</arguments>
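
An added example, not part of either answer above: a small Python check that reads the arguments line of a jenkins.xml and reports whether the CSP property has been blanked (header disabled) or replaced with a custom policy that drops protections. The sample XML is constructed from the line quoted above; the function names, the finding strings and the treatment of a whitespace-only value as blank are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

CSP_PROP = "-Dhudson.model.DirectoryBrowserSupport.CSP="
RISKY_SOURCES = ("'unsafe-inline'", "'unsafe-eval'", "*")

# Constructed sample, modelled on the jenkins.xml line quoted above.
SAMPLE_XML = r'''<service>
  <arguments>-Xrs "-Dhudson.model.DirectoryBrowserSupport.CSP= " -jar "%BASE%\jenkins.war" --httpPort=8080</arguments>
</service>'''


def csp_from_arguments(xml_text):
    """Return the CSP property value found in <arguments>, or None if unset."""
    args = ET.fromstring(xml_text).findtext(".//arguments") or ""
    value = None
    # A token is a run of quoted segments and unquoted non-space characters,
    # so both "-Dprop=a b" and -Dprop="a b" stay in one piece.
    for token in re.findall(r'(?:"[^"]*"|[^\s"])+', args):
        token = token.replace('"', "")
        if token.startswith(CSP_PROP):
            value = token[len(CSP_PROP):]  # keep the last occurrence seen
    return value


def audit(value):
    """Classify the property value and list what the policy gives up."""
    if value is None:
        return "default", []  # property unset: Jenkins sends its built-in policy
    if not value.strip():
        # Assumption: whitespace-only counts as blank, as in the quoted example.
        return "disabled", ["no CSP header is sent"]
    directives = {}
    for part in value.split(";"):
        words = part.split()
        if words:
            directives[words[0].lower()] = words[1:]
    findings = [f"{name} directive missing"
                for name in ("sandbox", "default-src") if name not in directives]
    for name, sources in directives.items():
        findings += [f"{name} allows {s}" for s in sources if s in RISKY_SOURCES]
    return "custom", findings


if __name__ == "__main__":
    print(audit(csp_from_arguments(SAMPLE_XML)))
```

Running it against the constructed sample reports the header as disabled; pointing it at a real jenkins.xml shows at a glance whether a relaxed policy still keeps sandbox and default-src.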