ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

App View widget content its being blocked on a browser


Article ID: 241092


Updated On:


CA Performance Management - Usage and Administration DX NetOps


We upgraded NetOps to 21.2.8 (from 3.7.12), the issue resides specifically in the AppView widget:

We have been using this widget to show a URL content, a simple html content, just a table, this is an example of one o this URL's: 

The following KB article was applied but the problem remains:


There is a known issue in 21.2.8 fixed in 21.2.10.

If the value is false or not set, PC will add the "child-src 'self'" header value and override the custom header value.

        if( props == null || (props != null && !props.get( "NpcAllowInFramesEnabled", Boolean.class, false )) )
            applyFrameSecurityHeaders( response );

So we need to do this:

replace into netqosportal.performance_center_properties values('NpcAllowInFramesEnabled',0,'true','N',UNIX_TIMESTAMP());


Release : 21.2

Component : NetOps Portal web server


Here are the MySQL command lines:

a)  1st MySQL command:

delete from netqosportal.performance_center_properties where PropName='NpcAllowInFramesEnabled' and Priority > 0;

b) 2nd MySQL command:

replace into netqosportal.performance_center_properties values('NpcAllowInFramesEnabled',0,'true','N',UNIX_TIMESTAMP());

c) Then set the Custom Headers you wish to use.

Additional Information

PM has new security headers to combat security issues by including external things in Portal to pass security checks.

To allow external links you need to edit the Custom Headers in SsoConfig.

This is covered in the following section of the PM guide: