Most widgets access resources on the DTP server, but some widgets are designed to show information from other servers. Modern browsers, however, do not allow widgets to make requests to external servers for security reasons.
You can enable widgets to show information from external resources by whitelisting hosts in the ExternalApiWhitelist.xml file located in the <DTP_DATA_DIR>/conf/ directory. This allows widgets to make requests to a DTP service that retrieves the external resource and returns the content to the widget.
The whitelist affects the following widgets:
| Build Results | Jenkins Job Result |
|---|---|
| Tests | Jenkins Cobertura Coverage - Percent Jenkins Cobertura Coverage - Summary Jenkins Test Result - Summary |
For these widgets to work, the hosts that the widgets access must be included in the whitelist file:
Open the ExternalApiWhitelist.xml file located in the
<DTP_DATA_DIR>/conf/directory in an editor. Add an entry for each host referenced in the widgets according to the following schema:<external-api-whitelist> <host>host1.companyname.com</host> <host>host2.companyname.com</host> </external-api-whitelist>
- Save the file. You do not need to restart DTP services.
Entries in the file are host names, not full URLs. The resource URLs can use any port number, can use either HTTP or HTTPS, and can use any path. You will not need to manually specify the path after a host name and port for most widgets. For example, all of the following URLs would be allowed if you added the host alpha.companyname.com to the whitelist:
http://alpha.companyname.com/a
https://alpha.companyname.com/b
http://alpha.companyname.com:8080/x?y=z
https://alpha.companyname.com:9091/path/to/something?param=22
The URL http://alpha/path?x=y would not be allowed in this example, even if the DTP server resolves alpha and alpha.companyname.com to the same IP address. To access a resource by referring to the host simply as "alpha", you would need to add <host>alpha</host> to the whitelist file.
