It's all about the answers!

Ask a question

How to allow CLM integration with OSLC Consumer to work with Content-Security-Policy


Manjunatha Nadigar (111) | asked Feb 27 '18, 12:23 p.m.

 Unicom Focal Point integration with CLM is broken with latest 6.0.5 due to Content-Security-Policy, getting Refused to display '<URL for the iFrame>' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' <URL for host2>".


Is there any setting in CLM 6.0.5  to allow FP domain URL to work with  Content-Security-Policy.

2 answers



permanent link
Paul Slauenwhite (8.3k12) | answered Mar 12 '18, 6:50 a.m.
FORUM MODERATOR / JAZZ DEVELOPER

Two things you can try:

1. In Firefox, open about:config and set security.csp.enable = false.  In Chrome, disable the Content Security Policy (various Chrome plug-ins available).

2. Set the following Advanced Properties:

Jazz Web UI (Ajax Services) >> Prevent clickjacking (X-Frame-Options) >> true
Jazz Web UI (Ajax Services) >> Clickjacking whitelist >> <all servers - e.g. Unicom Focal Point, CLM, etc.>


permanent link
ch naga (111) | answered Jul 26 '19, 8:12 a.m.

 @paul 
it's not working in CLM 


Comments
Paul Slauenwhite commented Jul 29 '19, 3:27 p.m.
FORUM MODERATOR / JAZZ DEVELOPER

 Please open a Case (https://www.ibm.com/mysupport) for IBM Support to investigate this symptom in your environment.

Your answer


Register or to post your answer.