CABI Summary Dashboard not working in chrome


Article ID: 144678


Updated On:


NIMSOFT PROBES DX Infrastructure Management


Dashboards and reports open normally when launched in Internet Explorer. However, when launching them in Chrome (Operator Console says it only works in Chrome) all you receive is a spinning wheel.

When using the Web Browser's Dev Tools (F12) we see the following errors:
Refused to load the script '' because it violates the following Content Security Policy directive: "script-src 'self' https: * * * * * 'unsafe-eval' 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.


The UMP does not set a Content-Security-Policy in the script source. In this instance the customer environment had a Security Appliance that was inserting a Content-Security-Policy and setting the script-src which causes problems in Chrome and FireFox.


Release : 9.2.0

Component : UIMCBI


Add the following to the included headers page to set the Content-Security-Policy on the UMP server


    // Content-Security-Policy
    //  Summary: Content Security Policy informs the client about the sources from which the application expects to load
    //           resources
    //  Info:
    response.setHeader("Content-Security-Policy", "script-src 'self' https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' https: data:;");