Resolving the nginx clickjacking issue in vRealize Operations Tenant App for vCloud Director
Article ID: 315944
Updated On:
Products
VMware Aria Suite
Issue/Introduction
Symptoms:
- After configuring the plugin for vRealize Operations Tenant App for vCloud Director, clicking on the Operations Manager link within vCloud Director, the Tenant App fails to load.
- The issue can be confirmed by clicking on a tenantapp API under the Network tab in Developer tools of a browser. You will observe tenantapp API calls failing with CORS errors.
Note: Developer tools is typically located under the ellipsis in the top right > More Tools > Developer Tools
Resolution
This is a known issue affecting vRealize Operations Tenant App for vCloud Director 8.5 and lower. It is resolved in 8.6.
Workaround:
To workaround the issue in vRealize Operations Tenant App for vCloud Director 8.5 and lower:
Workaround:
To workaround the issue in vRealize Operations Tenant App for vCloud Director 8.5 and lower:
- SSH into the vRealize Operations Tenant App for vCloud Director appliance using root credentials
- Launch a bash shell in the tenant-app-ui container
docker exec -it tenant-app-ui bash
- Using a text editor such as vi, edit the nginx.conf file
vi /etc/nginx/nginx.conf
- Uncomment (remove the # symbol) from the following line
#add_header Content-Security-Policy "frame-ancestors 'self' https://$VCD_HOST:443";
Notes: Replace VCD_HOST in the above line with your vCloud Director Fully Qualified Domain Name (FQDN)
If multiple vCloud Director Tenant App plugins are registered, add them to the line as shown in the following example. The vCD URLs should be space delimited, with the closing quote after the last URL.
add_header Content-Security-Policy "frame-ancestors 'self' https://$VCD_HOST1:443 https://$VCD_HOST2:443";
Notes: Replace VCD_HOST in the above line with your vCloud Director Fully Qualified Domain Name (FQDN)
If multiple vCloud Director Tenant App plugins are registered, add them to the line as shown in the following example. The vCD URLs should be space delimited, with the closing quote after the last URL.
add_header Content-Security-Policy "frame-ancestors 'self' https://$VCD_HOST1:443 https://$VCD_HOST2:443";
- Save the file and exit
- Stop the nginx server
/usr/sbin/nginx -s stop
- Start the nginx server
/usr/sbin/nginx
Additional Information
It is important to note that every time a new plugin is registered with different vCloud Director hostname, the above steps must be done to resolve the clickjacking issue for that plugin instance.
Feedback
Yes
No
Powered by
