Support Article
Unable to access any rules in the application
Summary
Unable to access any rules in the application and the login screen renders incorrectly. This occurs after adding custom response headers.
Error Messages
Not Applicable.
Steps to Reproduce
- Launch the application
- Add custom response header, Content-Security-Policy with Value=default-src 'self'
- Run the flow
Root Cause
The Content Security Policy (CSP) setting were so restricted that the application was not able to load the Cascading Style Sheets (CSS) from the server.
Resolution
Perform the following local-change:Update the response header value to "Content-Security-Policy":" default-src 'self'; style-src 'self' 'unsafe-inline', and add the below snippet:
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<init-param>
<param-name>antiClickJackingEnabled</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>xssProtectionEnabled</param-name>
<param-value>true</param-value>
</init-param>
<async-supported>true</async-supported>
</filter>
<filter-mapping>
<filter-name>httpHeaderSecurity</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Published July 23, 2018 - Updated October 8, 2020
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.