This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Unable to access any rules in the application

SA-54008

Summary



Unable to access any rules in the application and the login screen renders incorrectly. This occurs after adding custom response headers.


Error Messages



Not Applicable.


Steps to Reproduce

  1. Launch the application
  2. Add a custom response header, Content-Security-Policy, with the value default-src 'self'
  3. Run the flow


Root Cause



The Content Security Policy (CSP) settings were so restrictive that the application was not able to load the Cascading Style Sheets (CSS) from the server.


Resolution

Perform the following local change:

Update the response header value to "Content-Security-Policy": "default-src 'self'; style-src 'self' 'unsafe-inline'", and add the snippet below:

 

    <filter>
        <filter-name>httpHeaderSecurity</filter-name>
        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
        <async-supported>true</async-supported>
        <!-- Adds the X-Frame-Options response header (anti-clickjacking) -->
        <init-param>
            <param-name>antiClickJackingEnabled</param-name>
            <param-value>true</param-value>
        </init-param>
        <!-- Adds the X-XSS-Protection response header -->
        <init-param>
            <param-name>xssProtectionEnabled</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>

    <!-- Apply the filter to every request path -->
    <filter-mapping>
        <filter-name>httpHeaderSecurity</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
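
The following added example (not part of the original article or of the product's code) compares the header value from the Steps to Reproduce with the one from the Resolution, showing which style and script sources each permits once the default-src fallback is applied. The function names are hypothetical, and the check models only keyword sources such as 'self' and 'unsafe-inline', not nonces, hashes or host sources.

```javascript
// Added example: simplified CSP check, keyword sources and default-src fallback only.
function parseCsp(headerValue) {
  const policy = new Map();
  for (const part of headerValue.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first occurrence wins.
    // Sources are lowercased because only case-insensitive keywords are compared here.
    if (!policy.has(name)) policy.set(name, tokens.slice(1).map((s) => s.toLowerCase()));
  }
  return policy;
}

// Source list governing a resource type: the specific directive if present,
// otherwise default-src; null means the policy places no restriction on it.
function effectiveSources(policy, directive) {
  if (policy.has(directive)) return policy.get(directive);
  if (policy.has('default-src')) return policy.get('default-src');
  return null;
}

// Inline <style>/<script> blocks and style attributes need 'unsafe-inline'.
function allowsInline(policy, directive) {
  const sources = effectiveSources(policy, directive);
  return sources === null || sources.includes("'unsafe-inline'");
}

// Resources fetched from the page's own origin need 'self'.
function allowsSameOrigin(policy, directive) {
  const sources = effectiveSources(policy, directive);
  return sources === null || sources.includes("'self'");
}

function summarize(headerValue) {
  const policy = parseCsp(headerValue);
  return {
    inlineStyle: allowsInline(policy, 'style-src'),
    sameOriginStylesheet: allowsSameOrigin(policy, 'style-src'),
    inlineScript: allowsInline(policy, 'script-src'),
  };
}

// The two header values that appear on this page.
const before = "default-src 'self'";
const after = "default-src 'self'; style-src 'self' 'unsafe-inline'";
console.log('before:', summarize(before));
console.log('after: ', summarize(after));
```

With the updated value, only style-src is relaxed; script-src still falls back to default-src 'self', so inline scripts remain blocked.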


Published July 23, 2018 - Updated October 8, 2020
