This is not a browser issue but a really should be a defect but no one has acknowledged the issue.
Inside adminconsole they use proper content-security html flags and inside UMP they do not which than any new up-to-date browser will ad-here to the content-security and start blocking some parts of its functionality. For anyone inside Broadcom i go over this inside Case #
1230901 .
As a Example we did the following which fix's the issue :
/opt/nimsoft/probes/service/wasp/webapps/cabi/includes/header.jsp This is due to inside : /opt/nimsoft/probes/service/wasp/webapps/cabi/jsp/index.jsp on line 28 reference a relative include : <%@include file='../includes/header.jsp'%>So Inside header.jsp it should be the following you should edit the content-security-policy for your needs this is a example and not exactly what we use as i locked it down to very specific domains :
<%
String url = request.getRequestURL().toString().replaceAll(request.getRequestURI(),"");
//Create timestamp to prevent CSS caching
long ts=System.currentTimeMillis();
%>
<!doctype html>
<html lang="en">
<head>
<%
// Content-Security-Policy
// Summary: Content Security Policy informs the client about the sources from which the application expects to load
// resources
// Info: https://www.owasp.org/index.php/Content_Security_Policy
response.setHeader("Content-Security-Policy", "default-src 'self' https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' https: data:;");
%>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="description" content="A front-end template that helps you build fast, modern mobile web apps.">
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0">
<title id="portletTitle"></title>
<script src="../js/jquery-2.1.0.js"></script>
<script src="../js/jquery-ui.js"></script>
<script src="../js/visualize.js"></script>
<link rel="shortcut icon" href="<%= url %>/ump-theme/images/favicon.ico">
<link rel="stylesheet" type="text/css" href="../css/style.css?v=<%=ts%>">
<link rel="stylesheet" type="text/css" href="../css/jquery-ui.css">
<link rel="stylesheet" type="text/css" href="../css/overrides.css?v=<%=ts%>">
<link href="https://fonts.googleapis.com/css?family=Noto+Sans" rel="stylesheet">
</head>
The key part of the edit is this section which i added if your running the ump under https you will not have issues than :
<%
// Content-Security-Policy
// Summary: Content Security Policy informs the client about the sources from which the application expects to load
// resources
// Info: https://www.owasp.org/index.php/Content_Security_Policy
response.setHeader("Content-Security-Policy", "default-src 'self' https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' https: data:;");
%>
Original Message:
Sent: 08-20-2019 06:18 AM
From: Stefan Pivoda
Subject: admin console in UMP - blocked content
hi, i've added admin console as a portlet to UMP following https://docops.ca.com/ca-unified-infrastructure-management/9-0-2/en/administering/working-with-admin-console/log-in-to-admin-console/. however i think all the browsers all blocking iframes - tried chrome, FF, IE.
1. is this documentation still valid? if so, how to display the admin console as a portlet in UMP? = what to enable in the supported browsers (ie. chrome)?
2. if the docops is not valid anymore, can you please suggest any workaround?
thank you,s.