APM Welcome Page is blank

book

Article ID: 195877

calendar_today

Updated On:

Products

CA Application Performance Management (APM / Wily / Introscope)

Issue/Introduction

Cause

Code Changes in APM 10.7. Due to several security vulnerabilities reported by customer, APM introduced Content Security Policy in 10.7 SP3 and this also affects the welcome screen

Environment

APM 10.7.x

Resolution

Modify the introscope.webview.headers.csp property in IntroscopeWebView.properties, as below

# Specifies content security policy settings for scripts, styles, fonts and images.
# Applies both on premise and SaaS environment. Changing the policy settings may affect usability of the UI.
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP for details.
introscope.webview.headers.csp=default-src 'self'; script-src 'self' https://staging.cloud.ca.com https://cloud.ca.com https://*.salesforceliveagent.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://*.cloudfront.net data:; style-src 'self' https://fonts.googleapis.com https://service.force.com 'unsafe-inline'; worker-src 'self' blob:; object-src 'none'; img-src 'self' data:; frame-src 'self' https://techdocs.broadcom.com https://docs.broadcom.com https://docops.ca.com http://www.ca.com https://www.broadcom.com;

Additional Information

https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP   CSP (Content Security Property)  Overview 

Attachments