CABI fails to load displaying errors of refusal in developer tools
search cancel

CABI fails to load displaying errors of refusal in developer tools

book

Article ID: 137088

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Noto+Sans' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-eval' 'unsafe-inline'". Note that 'style-src-elem' was not explicitly set, so 'default-src' is used as a fallback.

Refused to frame 'https://cabi-domain.com/' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.

Environment

Release: 9.0.2
Component: UIM - CABI

Resolution

On the UMP server add the following to the <head> section of the following file:

C:\Program Files (x86)\Nimsoft\probes\service\wasp\webapps\cabi\includes\header.jsp

  <%

    // Content-Security-Policy

    // Summary: Content Security Policy informs the client about the sources from which the application expects to load

    // resources

    // Info: https://www.owasp.org/index.php/Content_Security_Policy

    response.setHeader("Content-Security-Policy", "default-src 'self' https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' https: data:;");

  %>

After which restart the wasp probe on the UMP server.