search cancel

App View widget content its being blocked on a browser

book

Article ID: 241092

calendar_today

Updated On:

Products

CA Performance Management - Usage and Administration DX NetOps

Issue/Introduction

We upgraded NetOps to 21.2.8 (from 3.7.12), the issue resides specifically in the AppView widget:

We have been using this widget to show a URL content, a simple html content, just a table, this is an example of one o this URL's: 

The following KB article was applied but the problem remains:

https://knowledge.broadcom.com/external/article?articleId=232121

Cause

There is a known issue in 21.2.8 fixed in 21.2.10.

If the value is false or not set, PC will add the "child-src 'self'" header value and override the custom header value.

        if( props == null || (props != null && !props.get( "NpcAllowInFramesEnabled", Boolean.class, false )) )
            applyFrameSecurityHeaders( response );

So we need to do this:

replace into netqosportal.performance_center_properties values('NpcAllowInFramesEnabled',0,'true','N',UNIX_TIMESTAMP());

Environment

Release : 21.2

Component : NetOps Portal web server

Resolution

Here are the MySQL command lines:

a)  1st MySQL command:

delete from netqosportal.performance_center_properties where PropName='NpcAllowInFramesEnabled' and Priority > 0;

b) 2nd MySQL command:

replace into netqosportal.performance_center_properties values('NpcAllowInFramesEnabled',0,'true','N',UNIX_TIMESTAMP());

c) Then set the Custom Headers you wish to use.

Additional Information

PM has new security headers to combat security issues by including external things in Portal to pass security checks.

To allow external links you need to edit the Custom Headers in SsoConfig.

This is covered in the following section of the PM guide:

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/performance-management/21-2/securing/single-sign-on/Add-Custom-HTTP-Headers.html

Attachments