Using a http header to wipe out Content Security Policy

Using a http header to wipe out Content Security Policy

Sometimes a developer adds a Content Security Policy to their page defining what 3rd party sites it will accept data from.  This will cause a problem when webNetwork tries to inject its .JS code to do the SSO process.

To get around this for a virtual webapp you can add a header from the options tab : 
$Content-Security-Policy: .*~ 

This will wipe out the pseudo security the page tried to impose.

    Can't find the KB

    Unable to find the KB to address your issue ?  

      • Recent Articles

      • Change Reset Password Button Text

        Change the text of the "Reset Password" button on the UW Login Page How to change the text of the Reset Password button on the Login Page. Login to webNetwork and open webAdmin on your Relay Central Server Expand Customization Center Expand Tenants ...

      • Remove Reset Password Button From Login Page

        Remove the Reset Password Button from the Login Page How to remove the Reset Password button from the Unified Workspace login page. Login to webNetwork and open webAdmin on your Relay Central Server Expand Customization Center Expand Tenants Expand ...

      • Lenovo Unified Workspace End-of-Life Questions and Answers

        As of January 31st 2024, Lenovo Unified Workspace (formerly Stoneware WebNetwork) is no longer supported. This means that we no longer provide licenses, downloads, updates, patches, or technical assistance for this product. If you have any questions ...

      • How do I determine my Unified Workspace license expiration date?

        The best method for determining the licensing information including the expiration date of your Unified Workspace license: Login to your 8090 management console on each server This may take remoting into each LUW server and relay, opening a browser, ...

      • Lenovo Unified Workspace 7.0.2.13 Released

        Highlights of Unified Workspace 7.0.2.13 Before you install: Please view the installation notes here. 7.0.2.13 requires a 7.0 license file. Below is a list of enhancements and fixes released in Unified Workspace 7.0.2.13 Fixed external storage ...

      • Related Articles

      • X-Content-Type-Options=nosniff header breaks Public webApp

        Issue Customers have added security headers to their SSL Offloading appliance to meet new security standards.  Now when launching a Public webApp, instead of the application properly launching the browser just displays the HTML code. Solution We've ...

      • Security Headers

        As of Unified Workspace 7.0 HTTP Headers can be added to UW responses. We suggest adding the following Security Headers. Header Value Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src 'self' data: ...

      • Security headers preventing virtual app from working

        Some sites have some headers that help prevent where data can be displayed.  They might look like this one from the adp.com site. X-Content-Security-Policy=default-src 'self' *.adp.com *.google.com ; frame-src * ; img-src * ; options inline-script ...

      • Performance issues with webRDP clients accessing Flash content

        Are there performance issues with using a Terminal Server webapp to access a Flash based content? We've found the graphics refreshing with the Flash content is not smooth when using the web based clients.  webRDP HTML5 and webRDP Java clients are the ...

      • Where can I find documentation on AD DS Fine-Grained Password and Account Lockout Policy ?

        Here is where you can find the Microsoft Step By Step docs : AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide http://technet.microsoft.com/en-us/library/cc770842(v=ws.10).aspx Step-by-Step: Enabling and Using Fine-Grained ...