App View widget content its being blocked on a browser
Article ID: 241092
Updated On:
Products
Issue/Introduction
We upgraded NetOps to 21.2.8 (from 3.7.12), the issue resides specifically in the AppView widget:
We have been using this widget to show a URL content, a simple html content, just a table, this is an example of one o this URL's:
The following KB article was applied but the problem remains:
https://knowledge.broadcom.com/external/article?articleId=232121
Environment
Release : 21.2
Component : NetOps Portal web server
Cause
There is a known issue in 21.2.8 fixed in 21.2.10.
If the value is false or not set, PC will add the "child-src 'self'" header value and override the custom header value.
if( props == null || (props != null && !props.get( "NpcAllowInFramesEnabled", Boolean.class, false )) )
applyFrameSecurityHeaders( response );
So we need to do this:
replace into netqosportal.performance_center_properties values('NpcAllowInFramesEnabled',0,'true','N',UNIX_TIMESTAMP());
Resolution
Here are the MySQL command lines:
a) 1st MySQL command:
delete from netqosportal.performance_center_properties where PropName='NpcAllowInFramesEnabled' and Priority > 0;
b) 2nd MySQL command:
replace into netqosportal.performance_center_properties values('NpcAllowInFramesEnabled',0,'true','N',UNIX_TIMESTAMP());
c) Then set the Custom Headers you wish to use.
Additional Information
PM has new security headers to combat security issues by including external things in Portal to pass security checks.
To allow external links you need to edit the Custom Headers in SsoConfig.
This is covered in the following section of the PM guide:
Attachments
Feedback
