Set content security policy at Jenkins startup
Activity
Former user July 25, 2018 at 12:28 AM
Settings applied to Prod, closing
Former user July 19, 2018 at 12:45 PM
Thanks for providing the page. It looked fine when I opened it and had the following CSP:
Content-Security-Policy: sandbox allow-scripts; default-src 'self' https://cdnjs.cloudflare.com; img-src 'self'; style-src 'self' https://cdnjs.cloudflare.com;
I assume it was set using the script console. The only error in the JS console that I see is when clicking on the "log" link: "Refused to apply inline style ..." - I assume that is OK since the log is open raw anyway. If not, we should add 'unsafe-inline' to default-src, but that would potentially lower security.
Applied the value through hudson.model.DirectoryBrowserSupport.CSP and updated the patch
Former user July 19, 2018 at 6:45 AM
@Former user http://jenkins-staging.phx.ovirt.org/job/jenkins_standard-check-patch/1636/artifact/ci_build_summary.html
I think we should give higher priority to this task since @Barak Korren is writing some code to allow projects to choose which UI they want to see.
Former user July 3, 2018 at 10:40 AM
Indeed, there seems to have been a misunderstanding about the reasoning behind this change. @Former user could you please share a page that is broken without the required change? I want to see what we are fixing so that we can ensure it works and Prod can be patched.
Barak Korren July 3, 2018 at 8:20 AM
@Former user you don't need to "solve" this; as I commented on the Puppet patch, you shouldn't have done this at all in the first place. @Former user asked you to relax the CSP settings in Jenkins, not add more settings in Apache.
Description
STDCI summary requires some content security policy to be set so that Jenkins won't add blocking headers to the summary HTML.
The required policy is:
sandbox allow-scripts; default-src 'self' https://cdnjs.cloudflare.com; img-src 'self'; style-src 'self' https://cdnjs.cloudflare.com;
Documentation can be found here
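Added example (not from this ticket, Jenkins or the STDCI project): a small Python checker that parses a served Content-Security-Policy header into its directives and compares it with the policy above, which is the check done by hand in the thread when the artifact page was opened; it also flags the 'unsafe-inline' relaxation the thread warns about. The sample headers are constructed.

```python
from typing import Dict, List

# The policy quoted in the ticket description.
REQUIRED_CSP = ("sandbox allow-scripts; default-src 'self' https://cdnjs.cloudflare.com; "
                "img-src 'self'; style-src 'self' https://cdnjs.cloudflare.com;")

# Constructed samples: a restrictive header that would block the summary's
# scripts, and a header relaxed with 'unsafe-inline' as discussed in the thread.
RESTRICTIVE_HEADER = "sandbox; default-src 'none'; img-src 'self'; style-src 'self';"
WEAK_HEADER = ("sandbox allow-scripts; default-src 'self' 'unsafe-inline' "
               "https://cdnjs.cloudflare.com; img-src 'self'; "
               "style-src 'self' https://cdnjs.cloudflare.com;")


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive: [source expressions]}.
    Directive names are case-insensitive, so they are lower-cased; values keep
    their case. Empty segments (e.g. from a trailing ';') are skipped, and a
    repeated directive is ignored after its first occurrence, as browsers do."""
    directives: Dict[str, List[str]] = {}
    for segment in header.split(";"):
        tokens = segment.split()
        if not tokens:
            continue
        directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def check_csp(served: str, required: str = REQUIRED_CSP) -> List[str]:
    """Return a list of problems; an empty list means the served header matches."""
    want, got = parse_csp(required), parse_csp(served)
    problems: List[str] = []
    for name, sources in want.items():
        if name not in got:
            problems.append(f"missing directive: {name}")
        elif set(got[name]) != set(sources):
            problems.append(f"{name}: expected {sorted(sources)}, got {sorted(got[name])}")
    # Relaxing default-src/script-src with 'unsafe-inline' re-enables inline
    # script execution, the weakening the thread chose to avoid; report it.
    for name, sources in got.items():
        if "'unsafe-inline'" in sources and name in ("default-src", "script-src"):
            problems.append(f"{name} allows 'unsafe-inline'")
    return problems


if __name__ == "__main__":
    print(check_csp(REQUIRED_CSP))       # expected: []
    print(check_csp(RESTRICTIVE_HEADER))
    print(check_csp(WEAK_HEADER))
```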