X-Content-Type-Options=nosniff header breaks Public webApp
Issue
Customers have added security headers to their SSL Offloading appliance to meet new security standards. Now when launching a Public webApp, instead of the application properly launching the browser just displays the HTML code.
Solution
We've found that the X-Content-Type-Options=nosniff header is the root of the issue.
Currently the Public webApp type does not set a MIME type. Thus when you tell the browser not to sniff the HTML for the MIME type it has no idea what to do, and just displays the HTML.
We are recommending not to set that security header if you are using Public webApps on your system. Once we update the Public webApp code to set the MIME type, we will update this article.
Can't find the KB
Unable to find the KB to address your issue ?
Recent Articles
Change Reset Password Button Text
Change the text of the "Reset Password" button on the UW Login Page How to change the text of the Reset Password button on the Login Page. Login to webNetwork and open webAdmin on your Relay Central Server Expand Customization Center Expand Tenants ...
Remove Reset Password Button From Login Page
Remove the Reset Password Button from the Login Page How to remove the Reset Password button from the Unified Workspace login page. Login to webNetwork and open webAdmin on your Relay Central Server Expand Customization Center Expand Tenants Expand ...
Lenovo Unified Workspace End-of-Life Questions and Answers
As of January 31st 2024, Lenovo Unified Workspace (formerly Stoneware WebNetwork) is no longer supported. This means that we no longer provide licenses, downloads, updates, patches, or technical assistance for this product. If you have any questions ...
How do I determine my Unified Workspace license expiration date?
The best method for determining the licensing information including the expiration date of your Unified Workspace license: Login to your 8090 management console on each server This may take remoting into each LUW server and relay, opening a browser, ...
Lenovo Unified Workspace 7.0.2.13 Released
Highlights of Unified Workspace 7.0.2.13 Before you install: Please view the installation notes here. 7.0.2.13 requires a 7.0 license file. Below is a list of enhancements and fixes released in Unified Workspace 7.0.2.13 Fixed external storage ...
Related Articles
Using a http header to wipe out Content Security Policy
Sometimes a developer adds a Content Security Policy to their page defining what 3rd party sites it will accept data from. This will cause a problem when webNetwork tries to inject its .JS code to do the SSO process. To get around this for a virtual ...
Enable X-Forwarded-For header on a KEMP LoadMaster
Question: I have my UW relays behind a KEMP LoadMaster. When I use Web Monitor (with a column added for ipAddress) to see active user sessions, I see all the users coming from the LoadMaster's IP address. Solution: The Virtual Service for your UW ...
Pearson SAML webApp requires Identity as of 6.4.x.x
Issue: The customer has a Pearson SAML webApp. After upgrading to 6.4.x.x, users receive the following error when clicking on the Savvas Learning Company (formerly Pearson K12 Learning) webApp tile: HTTP ERROR 500 Problem accessing ...
Change NTLM Authentication type
How can I change the NTLM authentication type on my windows box ? Update 10-31-2014 : webNetwork 6.2.1.182 and higher works much better with NTLM V2 and the change below should not be needed anymore. It is still provided here just in case a customer ...
Performance issues with webRDP clients accessing Flash content
Are there performance issues with using a Terminal Server webapp to access a Flash based content? We've found the graphics refreshing with the Flash content is not smooth when using the web based clients. webRDP HTML5 and webRDP Java clients are the ...