It's all about the answers!

Ask a question

How to allow CLM integration with OSLC Consumer to work with Content-Security-Policy


Manjunatha Nadigar (1111) | asked Feb 27 '18, 12:23 p.m.

 Unicom Focal Point integration with CLM is broken with latest 6.0.5 due to Content-Security-Policy, getting Refused to display '<URL for the iFrame>' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' <URL for host2>".


Is there any setting in CLM 6.0.5  to allow FP domain URL to work with  Content-Security-Policy.

2 answers



permanent link
Paul Slauenwhite (8.4k12) | answered Mar 12 '18, 6:50 a.m.
FORUM MODERATOR / JAZZ DEVELOPER

Two things you can try:

1. In Firefox, open about:config and set security.csp.enable = false.  In Chrome, disable the Content Security Policy (various Chrome plug-ins available).

2. Set the following Advanced Properties:

Jazz Web UI (Ajax Services) >> Prevent clickjacking (X-Frame-Options) >> true
Jazz Web UI (Ajax Services) >> Clickjacking whitelist >> <all servers - e.g. Unicom Focal Point, CLM, etc.>


permanent link
ch naga (112) | answered Jul 26 '19, 8:12 a.m.

 @paul 
it's not working in CLM 


Comments
Paul Slauenwhite commented Jul 29 '19, 3:27 p.m.
FORUM MODERATOR / JAZZ DEVELOPER

 Please open a Case (https://www.ibm.com/mysupport) for IBM Support to investigate this symptom in your environment.

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.