IBM Support

Website Viewer widget does not work due to Content Security Policy (CSP) error

Troubleshooting


Problem

When you use the Website Viewer widget in the case details page, you cannot open the specified website in case details. The browser console shows a Content Security Policy error, as seen in the screen image.
image-20220911125830-1

Cause

The default value of the Content Security Policy (CSP) header used by the default web application firewall (WAF) policy in IBM Content Navigator (ICN) does not allow loading external resources unless you use HTTPS. It also does not allow ICN to be embedded in external domains even when you use HTTPS.

Resolving The Problem

Use a custom WAF policy file and configure the value of the CSP header to allow loading external resources that use protocols other than HTTPS or embedding ICN in external domains. To customize your Navigator firewall settings, refer to the following reference.
Optional: Customizing your Navigator firewall settings - IBM Documentation
https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/22.0.1?topic=ban-optional-customizing-your-navigator-firewall-settings
If you encounter the same issue on IBM Business Automation Workflow, refer to the following reference to fix the issue.
Protecting your web application by using a firewall - IBM Documentation
https://www.ibm.com/docs/en/content-navigator/3.0.x?topic=security-protecting-your-web-application-by-using-firewall

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBYVB","label":"IBM Cloud Pak for Business Automation"},"ARM Category":[{"code":"a8m3p000000LPqyAAG","label":"Design-\u003EBAW App Development-\u003ECase Manager"}],"ARM Case Number":"TS010477450","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
16 September 2022

UID

ibm16619647

Page Feedback