Can not display Sonarqube report in Jenkins job page using iframe

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    Soncarqube version:
  • how is SonarQube deployed: zip, Docker, Helm
    Sonarqube is deployed as a Docker
  • what are you trying to achieve
    I need to display the sonarqube report in jenkins job page itself.
  • what have you tried so far to achieve this
    I installed nginx and make it act as a reverse proxy. I am able to hit the nginx url from the browser and it loads the sonar qube report successfully. When I try to display the sonarqube report using <iframe> from jenkins job, it shows the below error

Below are my nginx proxy configuration:

cat /etc/nginx/nginx.conf

user nginx;
worker_processes auto;

error_log /var/log/nginx/error.log notice;
pid /var/run/;

events {
worker_connections 1024;

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

access_log  /var/log/nginx/access.log  main;

sendfile        on;
#tcp_nopush     on;

keepalive_timeout  65;

include /etc/nginx/conf.d/*.conf;

server {
    listen 80;
    server_name;  # Change this to your Jenkins server domain or IP

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Add the Content-Security-Policy header
        add_header Content-Security-Policy "frame-src 'self'; style-src 'self'; font-src 'self'";


I am using below code in jenkins job to hit the nginx reverse proxy with inturn display the sonarqube report:

SonarQube Report Dashboard

Chrome broswer console shows the below error: The CrossOriginOpenerPolicy header has been ignored, because the URL's origin was untrustworthy. It was defined either in the final response or a redirect. Please deliver the response using the HTTPS protocol. You can also use the 'localhost' origin instead. See and
(index):6583 crbug/1173575, nonJS module files deprecated.
(anonymous) @ (index):6583
8stageview.js:4557 No "datastageId" on stage.
(anonymous) @ stageview.js:4557 [Intervention] Slow network is detected. See for more details. Fallback font will be used while loading:
DevTools failed to load source map: Could not load content for chromeextension://iidnbdjijdkbmajdffnidomddglmieko/sourceMap/ System error: net::ERR_BLOCKED_BY_CLIENT
DevTools failed to load source map: Could not load content for HTTP error: status code 403, net::ERR_HTTP_RESPONSE_CODE_FAILURE

Please help in this regard at the earliest possible time.

Do not share screenshots of logs – share the text itself (bonus points for being well-formatted)!**

It looks like your browser is refusing the load the iframe because your SonarQube server isn’t being served over HTTPS (something that would also be handled at the reverse proxy layer, in this case nginx)