[JENKINS-76263] Add documentation for CSP in core, adapt existing docs #8529
Merged
MarkEWaite merged 13 commits into jenkins-infra:master from Nov 25, 2025
- Adapt to renamed system property
- Document CSP UI as new section in /doc/book/security/
- Add redirect for Resource Root URL, use it
- Add note in DBS CSP that there's also UI CSP
- Rephrase a few 'configure this' reminders
- Mention resources from elsewhere in CSP developer docs
- Update developer docs to mention new core behavior
Kevin-CB (Contributor) approved these changes on Nov 18, 2025 and left a comment:
I've read all the documentation changes, it looks fine.
FTR: I've not rendered the changed
|
|
||
| NOTE: In certain environments, this configuration will not be available. | ||
| This includes controllers whose CSP enforcement is controlled by the Java system property link:/doc/book/managing/system-properties/#jenkins-security-csp-cspheader-headername[`jenkins.security.csp.CspHeader.headerName`], as well as during Jenkins core and plugin development. | ||
| See below for more information how CSP enforcement is controlled in those environments. |
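Review bot: the second sentence of the NOTE pairs "controllers whose CSP enforcement is controlled by the Java system property" with "as well as during Jenkins core and plugin development", so the list mixes a kind of controller with a period of time. Rewording the second item as a noun phrase, for example "as well as Jenkins instances run during core and plugin development", would make it parallel. The closing "See below" would also be easier to follow as a link to the specific section that covers those environments.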
Contributor
Suggested change
| See below for more information how CSP enforcement is controlled in those environments. | |
| See below for more information on how CSP enforcement is controlled in those environments. |
| === In Jenkins 2.TODO and newer | ||
|
|
||
| Jenkins 2.TODO and newer supports Content Security Policy out of the box. | ||
| See the link:/doc/book/security/csp/[documentation] for information how to set it up. |
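Review bot: the `2.TODO` placeholder appears twice in this hunk, in the heading "In Jenkins 2.TODO and newer" and again in the sentence under it, and both need the real version number before this is published. The link text "documentation" is also generic; naming the target, for example "Content Security Policy documentation", tells the reader where the link goes.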
Contributor
Suggested change
| See the link:/doc/book/security/csp/[documentation] for information how to set it up. | |
| See the link:/doc/book/security/csp/[documentation] for information on how to set it up. |
- link to new spreadsheet
- add section of plugins kinda inherently affected
- add dashboard-view, gitlab-plugin to incompatible list
5701817 to
715e895
Contributor
Author
IMO this PR is ready now. I inserted the prospective upcoming core version number as well.
Corresponds to jenkinsci/jenkins#11269.
Do not merge before that PR is merged (and the `2.TODO` version number placeholders in this PR are updated).
Merge checklist:
- `2.TODO` version numbers with weekly version once upstream PR is merged