When I was testing a customer portal I noticed that in chrome and development edge my desktops where not working any more. I was pretty sure that it worked the last time because we always (;-)) test these things.

After doing lots of tests…. Because we are recently update to DaaS 8.0.1, we deployed newer UAG appliances (3.5). So perhaps these new components had some bugs or issues.
In the end we saw this in the chrome debug mode:
“wmks.js?v=13345597:17 Refused to connect to ‘wss://YourURL:8443/r/55ADB8D6-6ABC-4914-9E66-4C4F4723D4D1/?vauth=7hnnPDDJm1NlZyOC30pdrvmYj3p6qITxAhD1DP2Q’  because it violates the following Content Security Policy directive: “default-src ‘self'”. Note that ‘connect-src’ was not explicitly set, so ‘default-src’ is used as a fallback.”

When you try to login via the incognito browser your desktop works! So what now?

After asking my friend Google we found a chrome extension “Disable Content-Security-Policy”. If you enable this for your DaaS portal you are able to logon again like you used to.

At the moment of writing this post chrome has version 76.0.3809.

If you use a UAG 3.5 you are able to edit Content-Security-Policy setting under the view settings. If you remove the exact text from that setting including the semicolon, it should work as well.
remove: “default-src ‘self’;”

 2,913 total views,  2 views today