Content-Security-Policy header cannot change after set it in standalone-full.xml
search cancel

Content-Security-Policy header cannot change after set it in standalone-full.xml

book

Article ID: 404437

calendar_today

Updated On:

Products

CA Single Sign On Agents (SiteMinder)

Issue/Introduction

Update the standalone-full.xml to specify the value of Content-Security-Policy header,

<response-header name="content-security-policy" header-name="Content-Security-Policy" header-value="default-src 'self';"/>

But the adminUI still returns content-security-policy: frame-ancestors 'self'

Environment

Siteminder 12.8.07

Resolution

It's a known issue on 12.8.07.

The issue fixed on 12.8.08, see 'DE565484' in the release note,

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/release-notes/service-packs/defects-fixed-in-12-8-08.html

A fix for 12.8.07 is available in ticket DE565484, if needed, open a support ticket to ask for the fix.

Powered by Wolken Software