APM Welcome Page is blank

Products

CA Application Performance Management (APM / Wily / Introscope)

Issue/Introduction

Using APM 10.7 SP3, when setting introscope.apmserver.ui.welcome.url as mentioned in

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/application-performance-management/10-7/administrating/properties-files-reference/introscopeenterprisemanager-properties.html#concept.dita_415567d672f0786bb1445983188e3bec7db9bef1_WelcomeScreen

Results with a blank page after logging in.

Cause

Code Changes in APM 10.7. Due to several security vulnerabilities reported by customer, APM introduced Content Security Policy in 10.7 SP3 and this also affects the welcome screen

Environment

APM 10.7.x

Resolution

Modify the introscope.webview.headers.csp property in IntroscopeWebView.properties, as below

# Specifies content security policy settings for scripts, styles, fonts and images.
# Applies both on premise and SaaS environment. Changing the policy settings may affect usability of the UI.
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP for details.
introscope.webview.headers.csp=default-src 'self'; script-src 'self' https://staging.cloud.ca.com https://cloud.ca.com https://*.salesforceliveagent.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://*.cloudfront.net data:; style-src 'self' https://fonts.googleapis.com https://service.force.com 'unsafe-inline'; worker-src 'self' blob:; object-src 'none'; img-src 'self' data:; frame-src 'self' https://techdocs.broadcom.com https://docs.broadcom.com https://docops.ca.com http://www.ca.com https://www.broadcom.com;

Additional Information

https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP CSP (Content Security Property) Overview

APM Welcome Page is blank

Article ID: 195877

Updated On: