Dashboards and reports open normally when launched in Internet Explorer. However, when launching them in Chrome (Operator Console says it only works in Chrome) all you receive is a spinning wheel.
When using the Web Browser's Dev Tools (F12) we see the following errors: Refused to load the script 'http://UMPServer.domain.com/cabijs/client/visualize.js' because it violates the following Content Security Policy directive: "script-src 'self' https: *.cloud.ca.com *.salesforceliveagent.com *.walkme.com *.ca.com *.cloudfront.net 'unsafe-eval' 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
The UMP does not set a Content-Security-Policy in the script source. In this instance the customer environment had a Security Appliance that was inserting a Content-Security-Policy and setting the script-src which causes problems in Chrome and FireFox.
Release : 9.2.0
Component : UIMCBI
Add the following to the included headers page to set the Content-Security-Policy on the UMP server
/nimsoft/probes/service/wasp/webapps/cabi/includes/header.jsp <head> <% // Content-Security-Policy // Summary: Content Security Policy informs the client about the sources from which the application expects to load // resources // Info: https://www.owasp.org/index.php/Content_Security_Policy response.setHeader("Content-Security-Policy", "script-src 'self' https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' https: data:;"); %>