RTC - DOORS - This content cannot be displayed in a frame
Hi,
When I create a link from DOORS to RTC, I get the errormessage "this content cannot be displayed in a frame" in the appearing popup where I should be able to define the details of the RTC-workitem.
In internet explorer I have the option to work aroung the problem by clicking on "open this content in a new window" and if I click on that link, I am able to define the workitem in RTC.
I tried the same with Chrome (no error, no content at all, no workaround) and with Firefox (errormessage is "this page has a content security policy that prevents it from being loaded in this way", no workaround)
Does anyone else has this issue?
Could this be caused by having RTC and DOORS on 2 seperate servers?
Regards,
Bernd.
2 answers
Thanks to IBM-support we have the answer...
Most browsers are protected against CSP-attacks (see here)
When you disable that security setting, using DOORS 9.6.0 to create workitems in RTC is no problem, so that's a workaround.
DOORS 9.6.1.x fixes the issue without the need to disable the security setting. So... we need to upgrade :-)
Best regards,
Bernd.
Ideally, there is a way to "whitelist" sites for the frame-ancestors list. Perhaps, like CORS, there is some way to configure a CSP header in WAS Liberty?
Asking an IT department to turn off a security policy for all current and future web browsers is a sure way for an outside consultant to get walked to the door - and not for lunch and a beer with the client.
Comments
Bernd van Oostrum
Aug 09 '17, 10:53 a.m.if I check the messages in Chrome-console, I see: