This is not a browser issue but a really should be a defect but no one has acknowledged the issue.
Inside adminconsole they use proper content-security html flags and inside UMP they do not which than any new up-to-date browser will ad-here to the content-security and start blocking some parts of its functionality. For anyone inside Broadcom i go over this inside Case #
1230901 .
As a Example we did the following which fix's the issue :
/opt/nimsoft/probes/service/wasp/webapps/cabi/includes/header.jsp This is due to inside : /opt/nimsoft/probes/service/wasp/webapps/cabi/jsp/index.jsp on line 28 reference a relative include : <%@include file='../includes/header.jsp'%>So Inside header.jsp it should be the following you should edit the content-security-policy for your needs this is a example and not exactly what we use as i locked it down to very specific domains :
<% String url = request.getRequestURL().toString().replaceAll(request.getRequestURI(),""); //Create timestamp to prevent CSS caching long ts=System.currentTimeMillis();%><!doctype html><html lang="en"> <head><% // Content-Security-Policy // Summary: Content Security Policy informs the client about the sources from which the application expects to load // resources // Info: https://www.owasp.org/index.php/Content_Security_Policy response.setHeader("Content-Security-Policy", "default-src 'self' https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' https: data:;");%> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="description" content="A front-end template that helps you build fast, modern mobile web apps."> <meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0"> <title id="portletTitle"></title> <script src="../js/jquery-2.1.0.js"></script> <script src="../js/jquery-ui.js"></script> <script src="../js/visualize.js"></script> <link rel="shortcut icon" href="<%= url %>/ump-theme/images/favicon.ico"> <link rel="stylesheet" type="text/css" href="../css/style.css?v=<%=ts%>"> <link rel="stylesheet" type="text/css" href="../css/jquery-ui.css"> <link rel="stylesheet" type="text/css" href="../css/overrides.css?v=<%=ts%>"> <link href="https://fonts.googleapis.com/css?family=Noto+Sans" rel="stylesheet"></head>
The key part of the edit is this section which i added if your running the ump under https you will not have issues than :
<% // Content-Security-Policy // Summary: Content Security Policy informs the client about the sources from which the application expects to load // resources // Info: https://www.owasp.org/index.php/Content_Security_Policy response.setHeader("Content-Security-Policy", "default-src 'self' https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' https: data:;");%>
Original Message:
Sent: 08-20-2019 06:18 AM
From: Stefan Pivoda
Subject: admin console in UMP - blocked content
hi, i've added admin console as a portlet to UMP following https://docops.ca.com/ca-unified-infrastructure-management/9-0-2/en/administering/working-with-admin-console/log-in-to-admin-console/. however i think all the browsers all blocking iframes - tried chrome, FF, IE.
1. is this documentation still valid? if so, how to display the admin console as a portlet in UMP? = what to enable in the supported browsers (ie. chrome)?
2. if the docops is not valid anymore, can you please suggest any workaround?
thank you,s.