Unable to access insights within xFlow and in the browser console it says: "Content Security Policy: The page’s settings blocked the loading of a resource at https://hostname:port/jasperserver-pro/flow.html?_...("child.src").
Release : 17.3
The issue is resolved by updating security headers in the application.conf as below:
# Security headers
play.filters.headers.allowActionSpecificHeaders = "true"
play.filters.headers.xssProtection = "1; mode=block"
play.filters.headers.frameOptions = "SAMEORIGIN"
play.filters.headers.contentSecurityPolicy = "script-src 'self' 'unsafe-inline' 'unsafe-eval'"
play.filters.headers.permittedCrossDomainPolicies = null