ResourceDomainConfiguration.NeedsRootURL=Can only set resource root URL if regular root URL is set.
ResourceDomainConfiguration.InvalidRootURL=Jenkins root URL is set to an invalid value, please report a bug: {0}
ResourceDomainConfiguration.Empty=Without a resource root URL, resources will be served from the main domain with Content-Security-Policy set.
ResourceDomainConfiguration.NeedsRootURL=Can only set resource root URL if Jenkins URL is set.
ResourceDomainConfiguration.InvalidRootURL=Jenkins URL is set to an invalid value, please report a bug: {0}
ResourceDomainConfiguration.Empty=Without a resource root URL, resources will be served from the Jenkins URL with Content-Security-Policy set.
ResourceDomainConfiguration.NotJenkins=The specified URL does not appear to point to a Jenkins instance.
ResourceDomainConfiguration.ThisJenkins=The specified URL is a valid resource root URL candidate.
ResourceDomainConfiguration.OtherJenkins=The specified URL points to a different Jenkins instance.
ResourceDomainConfiguration.SomeJenkins=The specified URL points to a Jenkins instance, but failed to determine whether it is this or another instance.
ResourceDomainConfiguration.ResourceResponse=The specified URL points to a previously set up Jenkins resource URL.
ResourceDomainConfiguration.SomeJenkins=The specified URL points to a Jenkins instance, but could not determine whether it is this or another instance.
ResourceDomainConfiguration.ResourceResponse=The specified URL points to a previously set up resource root URL.
ResourceDomainConfiguration.FailedIdentityCheck=An error occurred when checking the instance identity at that URL: {0} {1}
ResourceDomainConfiguration.Exception=An exception occurred with the URL: {0}
ResourceDomainConfiguration.IOException=Failed to connect: {0}
ResourceDomainConfiguration.Invalid=Not a valid URL.
ResourceDomainConfiguration.SameAsJenkinsRoot=Cannot use the same host name for both Jenkins root URL and resource root URL.
ResourceDomainConfiguration.SameAsJenkinsRoot=Cannot use the same host name for both Jenkins URL and resource root URL.
ResourceDomainConfiguration.SameAsCurrent=You are currently accessing Jenkins through a URL similar to the proposed resource root URL. Saving this URL might remove your access to Jenkins.
If the resource root URL is defined, Jenkins will instead redirect requests for user-created resource files to URLs starting with the URL configured here.
These URLs will not set the CSP header, allowing Javascript and similar features to work.
These URLs will not set the CSP header, allowing JavaScript and similar features to work.
For this option to work as expected, the following constraints and considerations apply:
</p>
<ul>
<li>The resource root URL must be a valid alternative choice for the Jenkins root URL for requests to be processed correctly.</li>
<li>The Jenkins root URL must be set and it must be different from this resource root URL (in fact, a different host name is required).</li>
<li>The resource root URL must be a valid alternative choice for the Jenkins URL for requests to be processed correctly.</li>
<li>The Jenkins URL must be set and it must be different from this resource root URL (in fact, a different host name is required).</li>
<li>
Once set, Jenkins will only serve resource URL requests via the resource root URL.
All other requests will get <em>HTTP 404 Not Found</em> responses.
...
...
@@ -48,4 +48,4 @@
Resource URLs encode the URL, the user for which they were created, and their creation timestamp.
Additionally, this string contains an <ahref="https://en.wikipedia.org/wiki/HMAC"rel="noopener noreferrer"target="_blank">HMAC</a> to ensure the authenticity of the URL.
This prevents attackers from forging URLs that would grant them access to resource files as if they were another user.
blurb=The default Content-Security-Policy is currently overridden using the <code>hudson.model.DirectoryBrowserSupport.CSP</code> system property, which is a potential security issue when browsing untrusted files. \
As an alternative, you can set up a <strong>Resource Root URL</strong> that Jenkins will use to serve some static files without adding <code>Content-Security-Policy</code> headers.
As an alternative, you can set up a <strong>resource root URL</strong> that Jenkins will use to serve some static files without adding <code>Content-Security-Policy</code> headers.