[JENKINS-76302] Make GH org avatars work with CSP

Author: daniel-beck

pom.xml

@@ -35,8 +35,11 @@
     <hpi.compatibleSinceVersion>2.2.0</hpi.compatibleSinceVersion>
     <!-- https://www.jenkins.io/doc/developer/plugin-development/choosing-jenkins-baseline/ -->
     <jenkins.baseline>2.504</jenkins.baseline>
-    <jenkins.version>${jenkins.baseline}.3</jenkins.version>
+    <!-- TODO https://github.com/jenkinsci/jenkins/pull/11269 -->
+    <jenkins.version>2.537-rc37714.d5718019b_8ff</jenkins.version>
     <spotless.check.skip>false</spotless.check.skip>
+    <!-- AvatarContributor in GitHubOrgMetadataAction; SuppressRestrictedWarnings doesn't work -->
+    <useBeta>true</useBeta>
   </properties>
 
   <dependencyManagement>

src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubOrgMetadataAction.java

@@ -32,6 +32,7 @@
 import java.io.ObjectStreamException;
 import java.util.Objects;
 import jenkins.scm.api.metadata.AvatarMetadataAction;
+import jenkins.security.csp.AvatarContributor;
 import org.apache.commons.lang3.StringUtils;
 import org.kohsuke.github.GHUser;
 import org.kohsuke.stapler.Stapler;
@@ -52,6 +53,7 @@ public GitHubOrgMetadataAction(@NonNull GHUser org) throws IOException {
 
     public GitHubOrgMetadataAction(@CheckForNull String avatar) {
         this.avatar = Util.fixEmpty(avatar);
+        AvatarContributor.allow(avatar);
     }
 
     public GitHubOrgMetadataAction(@NonNull GitHubOrgMetadataAction that) {
@@ -60,6 +62,7 @@ public GitHubOrgMetadataAction(@NonNull GitHubOrgMetadataAction that) {
 
     private Object readResolve() throws ObjectStreamException {
         if (avatar != null && StringUtils.isBlank(avatar)) return new GitHubOrgMetadataAction(this);
+        AvatarContributor.allow(avatar);
         return this;
     }