APM Welcome Page is blank

Article Id: 195877

Status: Published

Updated On: 24-07-2020 11:56

Products:

CA Application Performance Management (APM / Wily / Introscope)

Issue/Introduction:

Using APM 10.7 SP3, when setting introscope.apmserver.ui.welcome.url as mentioned in

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/application-performance-management/10-7/administrating/properties-files-reference/introscopeenterprisemanager-properties.html#concept.dita_415567d672f0786bb1445983188e3bec7db9bef1_WelcomeScreen

Results with a blank page after logging in.

Cause:

Code Changes in APM 10.7. Due to several security vulnerabilities reported by customer, APM introduced Content Security Policy in 10.7 SP3 and this also affects the welcome screen

Environment:

APM 10.7.x

Resolution:

Modify the introscope.webview.headers.csp property in IntroscopeWebView.properties, as below

# Specifies content security policy settings for scripts, styles, fonts and images.
# Applies both on premise and SaaS environment. Changing the policy settings may affect usability of the UI.
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP for details.
introscope.webview.headers.csp=default-src 'self'; script-src 'self' https://staging.cloud.ca.com https://cloud.ca.com https://*.salesforceliveagent.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://*.cloudfront.net data:; style-src 'self' https://fonts.googleapis.com https://service.force.com 'unsafe-inline'; worker-src 'self' blob:; object-src 'none'; img-src 'self' data:; frame-src 'self' https://techdocs.broadcom.com https://docs.broadcom.com https://docops.ca.com http://www.ca.com https://www.broadcom.com;

Additional Information:

https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP CSP (Content Security Property) Overview