Timeline report not rendering in Jenkins HTML report without loosening CSP even more #1890

Closed
ismail-s opened this issue Jan 18, 2022 · 6 comments

@ismail-s
Contributor

Scenario

  1. Run Karate tests in Jenkins.
  2. In the Jenkins build, save the Karate report in Jenkins using the HTML publisher plugin, i.e. have something like this in the Jenkinsfile:

     ```groovy
     publishHTML (target : [allowMissing: false,
                            alwaysLinkToLastBuild: true,
                            keepAll: true,
                            reportDir: 'target/karate-reports',
                            reportFiles: '*.html',
                            reportName: 'Karate Report',
                            reportTitles: 'Karate Report'])
     ```

  3. Look at the timeline report in Jenkins.

Expected

Timeline report is displayed correctly

Actual

A mostly blank page is displayed.

Further info/discussion

What's happening is that Jenkins sends a content security policy header. We've actually previously loosened this to show the HTML reports, by setting the CSP header to default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' data:;.

However, I've noticed that this isn't working for karate-timeline.html, as that references vis.min.js & vis.min.css from a CDN:

```html
<script src="https://cdnjs.cloudflare.com/ajax/libs/vis/4.21.0/vis.min.js"></script>
<link href="https://cdnjs.cloudflare.com/ajax/libs/vis/4.21.0/vis.min.css" rel="stylesheet" type="text/css" />
```

Contrast this to karate-feature.html, which does this:

```html
<script type="text/javascript" src="res/jquery.min.js"></script>
<script type="text/javascript" src="res/jquery.tablesorter.min.js"></script>
<script type="text/javascript" src="res/bootstrap.min.js"></script>
```

We could loosen our CSP even more to allow stuff from https://cdnjs.cloudflare.com, but I think it would make more sense to not fetch the vis dependency from a CDN in the first place, and to add it to this repo like is done for other deps like jquery & bootstrap. Was there a reason why this wasn't done at the time, or couldn't be done?

Thanks in advance,
Ismail
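
A minimal audit for the situation described in this issue, as an added example that is not part of the original thread or of Karate's code: it lists the external scripts and stylesheets in a report page that a given CSP would block. Source matching is simplified (`'self'` for relative URLs, scheme sources, exact host sources), and all function and class names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# CSP value quoted in the issue.
JENKINS_CSP = "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' data:;"
# Constructed sample: the two tags the issue quotes from karate-timeline.html.
TIMELINE = '''<script src="https://cdnjs.cloudflare.com/ajax/libs/vis/4.21.0/vis.min.js"></script>
<link href="https://cdnjs.cloudflare.com/ajax/libs/vis/4.21.0/vis.min.css" rel="stylesheet" type="text/css" />'''

def parse_csp(header):
    """Map each directive name to its source list (first occurrence wins)."""
    policy = {}
    for tokens in filter(None, (part.split() for part in header.split(";"))):
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def allowed(url, directive, policy):
    """Simplified matching: 'self', scheme sources (data:) and exact host sources."""
    sources = policy.get(directive, policy.get("default-src"))
    if sources is None:  # neither the directive nor default-src is set: unrestricted
        return True
    target = urlparse(url)
    if not target.scheme and not target.netloc:  # relative URL: same origin as the report
        return "'self'" in sources
    for src in sources:
        if src.endswith(":") and src[:-1] == target.scheme:  # scheme source
            return True
        host = urlparse(src if "//" in src else "//" + src)  # host source, scheme optional
        if host.netloc == target.netloc and host.scheme in ("", target.scheme):
            return True
    return False

class ResourceAudit(HTMLParser):
    def __init__(self, policy):
        super().__init__()
        self.policy, self.blocked = policy, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        is_css = tag == "link" and "stylesheet" in (a.get("rel") or "").lower()
        url = a.get("src") if tag == "script" else a.get("href") if is_css else None
        directive = "script-src" if tag == "script" else "style-src"
        if url and not allowed(url, directive, self.policy):
            self.blocked.append((directive, url))

def blocked_resources(html, csp):
    """Return (directive, url) pairs for scripts and stylesheets the CSP would block."""
    audit = ResourceAudit(parse_csp(csp))
    audit.feed(html)
    return audit.blocked
```

Calling `blocked_resources(TIMELINE, JENKINS_CSP)` reports both cdnjs URLs, while a page that only references relative `res/...` files yields an empty list under the same policy.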

@ismail-s ismail-s changed the title Timeline report not rendering in Jenkins HTML report Timeline report not rendering in Jenkins HTML report without loosening CSP even more Jan 18, 2022
@ptrthomas
Member

@ismail-s no particular reason. see if you can contribute a PR to expedite

ismail-s added a commit to ismail-s/karate that referenced this issue Jan 18, 2022
@ismail-s ismail-s mentioned this issue Jan 18, 2022
@ptrthomas ptrthomas added this to the 1.2.0 milestone Jan 18, 2022
@ismail-s
Contributor Author

Thanks very much.

@ptrthomas
Member

@ismail-s thank you for the PR. I'll keep this open and close it when we release 1.2.0 final (process we follow)

@ptrthomas ptrthomas reopened this Jan 18, 2022
@ptrthomas
Member

@ismail-s we actually release 1.2.0.RC4 today, so you will be able to use it from maven etc. let me know if it works ok

@ismail-s
Contributor Author

@ptrthomas Thanks. I've given it a try and the timeline report is now rendering correctly.

@ptrthomas
Member

1.2.0 released
