Hi,
After upgrade from SonarQube 10.4.1 to 10.5.0 the logo we are using on the property ‘sonar.lf.logoUrl’ doesn’t work anymore.
I tried with different image, but it’s always the same.
Looks there was some changes on cross origin. I didn’t saw anything on the release notes
An external logo was working on 9.9 LTS and 10.4.1
Thanks
Any workaround for this ?
Hi there @jonesbusy,
I investigated the issue, and indeed it is a small bug related to cross-origin policy. I reproduced it:
The cross-origin policy we introduced was too strict. Please follow this ticket for progress which will begin very soon.
There is no workaround for the moment (other than temporarily disabling the property) until a 10.5.1 patch is available - which will be very soon!
Many regards
Alain
Thanks! I will let you know after the 10.5.1 upgrade
Hi again, @jonesbusy
Over the last few days, I have been thinking, and indeed I have a workaround for you.
If it is possible, could you host the image locally, preferably in the /web folder? In other words, say your file’s name is image.png, using the same property, you can reference it like so:
sonar.lf.logoUrl=http://<host>/image.png
I did try it locally, and it worked:
Please let me know if it is possible and, more importantly, if it works.
Kind regards
Alain
Hi Alain, I believe this is also reason why sonar badges cannot be used in any external systems like Gilab. Will this be solved in 10.5.1 too?
Hi there @Tomio,
Welcome to the community 
Would it be possible to provide us with more details, perhaps a screenshot?
Kind regards
Every SonaQube project provides Badges for external use. E.g.
https://sonar.mydomain.com/api/project_badges/measure?project=myproject&metric=alert_status&token=redacted
These are being loaded in Gitlab projects to show status on dashboard.
Since update to 10.5, this stopped working as it is being blocked by cross-origin settings in Sonarqube:
I was able to workaround it using custom settings in nginx:
add_header Cross-Origin-Resource-Policy "cross-origin";
Sure I will try next week if I can play with init container of the helm chart and download the image on the web folder
Good afternoon, all!
Many thanks for the feedback. After much deliberation, we decided not to include this fix in the 10.5.1 patch, as 10.6 will be released around June and will contain the bug fix.
We hope the abovementioned array of workarounds will be sufficient, and we apologize for any inconvenience caused.
Please reach out should you have any more concerns.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.
