Broken Images In All Wiki Pages In API Hub As Of Portal 5.1.2
search cancel

Broken Images In All Wiki Pages In API Hub As Of Portal 5.1.2


Article ID: 255128


Updated On:


CA API Developer Portal


Since the built-in portal's API Hub doesn't support hosting images on its gateway, all of the images needed to use in our multiple wiki articles and the welcome page, are hosted on an external site. 

After upgrading to Portal 5.1.2, all those images are broken.  In the browser's console we see the following error:

Refused to load the image 'xxxxxx' because it violates the following Content Security Policy directive: "img-src 'self' data:"


CA API Developer Portal 5.1.2


To comply with current updates in the Content-Security-Policy header, inline JavaScript is now blocked from being executed in a web browser. Content-Security-Policy is a HTTP response header that web browsers use to enhance the security of a document or web page. As of Portal 5.1.2 if you have any existing custom pages or plan to have custom pages that contain inline JavaScript, you must extract those JavaScript elements into a separate script and reference it as an external source.


Changes will be forth coming in the next Portal release where we will add functionality to make the use of the Content Security Policy header configurable.  You will have the capability to override this default behavior.