search cancel

Broken Images In All Wiki Pages In API Hub As Of Portal 5.1.2

book

Article ID: 255128

calendar_today

Updated On:

Products

CA API Developer Portal

Issue/Introduction

Since the built-in portal's API Hub doesn't support hosting images on its gateway, all of the images needed to use in our multiple wiki articles and the welcome page, are hosted on an external site. 

After upgrading to Portal 5.1.2, all those images are broken.  In the browser's console we see the following error:

Refused to load the image 'xxxxxx' because it violates the following Content Security Policy directive: "img-src 'self' data:"

Environment

CA API Developer Portal 5.1.2

Cause

To comply with current updates in the Content-Security-Policy header, inline JavaScript is now blocked from being executed in a web browser. Content-Security-Policy is a HTTP response header that web browsers use to enhance the security of a document or web page. As of Portal 5.1.2 if you have any existing custom pages or plan to have custom pages that contain inline JavaScript, you must extract those JavaScript elements into a separate script and reference it as an external source.

Resolution

Changes will be forth coming in the next Portal release where we will add functionality to make the use of the Content Security Policy header configurable.  You will have the capability to override this default behavior.