Expand my Community achievements bar.

SOLVED

Issue relating Content Security Policy

Avatar

Level 2

 

I have an adobe cloud instance for my testing purpose. I control it using Adobe cloud manager. I usually test my plugin on it. Recently I have started facing a couple of issues which were non existent when I last tested (around a couple of months ago.)

 

A part of my plugin's functionality requires a redirect to my website for authentication and other purposes. I started noticing that I am now getting this error.

jazyac_4-1690454528070.png

 

 


One of my peers is noticing something similar.

jazyac_0-1690454930328.png

 

jazyac_2-1690454307261.png

 

 

I have not changed anything in my plugin, and neither have I updated the adobe cloud version. I can be fairly confident that if there was any manual change in configuration introduced, I would be aware of it.

 

1. Has there been anything new introduced by adobe, which has started giving me these issues?

2. How can I address them?

3. From my research online, I have only been able to find the solution of editing the Content Security Policy in my AEM Cloud Instance. But I assume that it is not possible, since i do not have access to "/system/console/configMgr" . How can I get access to this?
Since I have Developer level access of things when I check in Adobe cloud manager admin console, I assumed I should not have any issues accessing "/system/console/configMgr" of my cloud instance.
Image

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

@jazyac 

Add Content Security Policy Headers in your dispatcher vhost file.

View solution in original post

3 Replies

Avatar

Community Advisor

Hi Jazyac,

 

You can configure your webserver to write CSP header to the browser with all the allowed domains.

 

Regards,

Peter

Avatar

Level 2

Thanks @Peter_Puzanovs  for your reply.

I am not hosting on my own server. The instance is on adobe cloud.

jazyac_0-1690456113537.png

 

How can I achieve that in this scenario?

 

 

Avatar

Correct answer by
Community Advisor

@jazyac 

Add Content Security Policy Headers in your dispatcher vhost file.