
Content Security Domain update (with Command Prompt and in Clarity database)


Article ID: 189773


Products

Clarity PPM On Premise, Clarity PPM SaaS

Issue/Introduction

How do you perform a Content Security Domain update in the Clarity database in order to whitelist URLs for use with Clarity, as per the Content Security Policy? How do you update CONTENT_SECURITY_DOMAINS?

Environment

Release: All Supported Clarity releases

Resolution

The allowed domains are stored in the CMN_OPTION_VALUES table. They can be updated with commands run on the Clarity app server, for example:

List the Domains:

This command lists option values for the CONTENT_SECURITY_DOMAINS setting in the cmn_option_values table:

Run this command first and save the output as a backup, so that you can re-add the domains later.

admin system-options -list CONTENT_SECURITY_DOMAINS

Add a New Value:

This command adds a new ca.com option value for the CONTENT_SECURITY_DOMAINS setting in the cmn_option_values table:

admin system-options -add CONTENT_SECURITY_DOMAINS ca.com -multi


Delete All Values:

This command deletes all current domains, including the seed data.

Before deleting the domains, run the list command above and save the output, so that you can re-add them.

admin system-options -delete CONTENT_SECURITY_DOMAINS

Add back Required OOTB Values:

These commands add all required seeded domains. They are required for Clarity, and for some of its options such as Help, to work.

Run all of these if you have run the delete command and removed all of the seeded data:

admin system-options -add CONTENT_SECURITY_DOMAINS "'self'" -multi
admin system-options -add CONTENT_SECURITY_DOMAINS app.pendo.io -multi
admin system-options -add CONTENT_SECURITY_DOMAINS cdn.pendo.io -multi
admin system-options -add CONTENT_SECURITY_DOMAINS cdnjs.cloudflare.com -multi
admin system-options -add CONTENT_SECURITY_DOMAINS fonts.googleapis.com -multi
admin system-options -add CONTENT_SECURITY_DOMAINS data.pendo.io -multi
admin system-options -add CONTENT_SECURITY_DOMAINS login.broadcom.com -multi
admin system-options -add CONTENT_SECURITY_DOMAINS techdocs.broadcom.com -multi

 

After issuing the commands, flush all caches, especially systemOptions and securityDomains.

In some instances a restart of the app server may be required for the change to function.
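
The following script is an added example, not part of the original article or of Broadcom tooling. It compares a saved copy of the domain list against the seeded values listed above, prints the add commands for any that are missing, and tags every non-seeded entry for review, since each one widens the Content Security Policy. The one-value-per-line input file, the function names and the sample values are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not Broadcom code): audit a saved CONTENT_SECURITY_DOMAINS list.
# Assumption: the input file holds one option value per line; the article does
# not show the -list output format, so trim the saved output to that shape first.

# Seeded values, copied from the "Add back Required OOTB Values" commands.
SEEDED="'self'
app.pendo.io
cdn.pendo.io
cdnjs.cloudflare.com
fonts.googleapis.com
data.pendo.io
login.broadcom.com
techdocs.broadcom.com"

# Print the add command for each seeded value that is missing from file $1.
missing_seeded_cmds() {
  printf '%s\n' "$SEEDED" | while IFS= read -r v; do
    grep -qxF -- "$v" "$1" && continue
    case $v in "'"*) v="\"$v\"" ;; esac  # quote CSP keywords as the article does
    printf 'admin system-options -add CONTENT_SECURITY_DOMAINS %s -multi\n' "$v"
  done
}

# Print each non-seeded value in file $1 with a review tag. The BROAD and
# WILDCARD patterns are generic CSP source forms, not taken from the article.
custom_entries() {
  grep -vxF -- "$SEEDED" "$1" | while IFS= read -r v; do
    [ -n "$v" ] || continue
    case $v in
      '*'|*:|"'unsafe-"*) printf 'BROAD %s\n' "$v" ;;     # any host, whole scheme, unsafe keyword
      '*.'*|*'://*'*)     printf 'WILDCARD %s\n' "$v" ;;  # every subdomain of a host
      *)                  printf 'REVIEW %s\n' "$v" ;;    # custom entry: confirm it is still needed
    esac
  done
}

# Constructed sample (not real output): two seeded values missing, three custom entries.
sample_list() {
  printf '%s\n' "'self'" app.pendo.io cdn.pendo.io cdnjs.cloudflare.com \
    fonts.googleapis.com login.broadcom.com ca.com '*.example.test' 'https:'
}

f=$(mktemp) && sample_list > "$f"
echo "# Seeded values to re-add:"; missing_seeded_cmds "$f"
echo "# Non-seeded values to review:"; custom_entries "$f"
rm -f "$f"
```

The script only prints commands; it does not run admin itself, so the output can be reviewed before anything is changed.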

Additional Information

To check which options are selected in the database, run the query:

select * from cmn_option_values where option_id in
( select id from cmn_options where option_code ='CONTENT_SECURITY_DOMAINS')

This is what the OOTB output of seeded values looks like:

Additional documentation here:

CSA: Service and Admin Command-Line Utilities (On-Premise Only)
