It's all about the answers!

Ask a question

How to allow CLM integration with OSLC Consumer to work with Content-Security-Policy

Manjunatha Nadigar (1111) | asked Feb 27 '18, 12:23 p.m.

 Unicom Focal Point integration with CLM is broken with latest 6.0.5 due to Content-Security-Policy, getting Refused to display '<URL for the iFrame>' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' <URL for host2>".

Is there any setting in CLM 6.0.5  to allow FP domain URL to work with  Content-Security-Policy.

2 answers

permanent link
Paul Slauenwhite (8.4k12) | answered Mar 12 '18, 6:50 a.m.

Two things you can try:

1. In Firefox, open about:config and set security.csp.enable = false.  In Chrome, disable the Content Security Policy (various Chrome plug-ins available).

2. Set the following Advanced Properties:

Jazz Web UI (Ajax Services) >> Prevent clickjacking (X-Frame-Options) >> true
Jazz Web UI (Ajax Services) >> Clickjacking whitelist >> <all servers - e.g. Unicom Focal Point, CLM, etc.>

permanent link
ch naga (112) | answered Jul 26 '19, 8:12 a.m.

it's not working in CLM 

Paul Slauenwhite commented Jul 29 '19, 3:27 p.m.

 Please open a Case ( for IBM Support to investigate this symptom in your environment.

Your answer

Register or to post your answer.