My Oracle Support Banner

Oracle WebCenter Portal and Content Security Policy (Doc ID 2368000.1)

Last updated on MARCH 26, 2018

Applies to:

Oracle WebCenter Portal - Version 12.2.1.0.0 and later
Information in this document applies to any platform.

Symptoms

WebCenter Portal does not load in the Chrome browser after enabling Content Security Policy in Oracle HTTP Server front-ending the Fusion Middleware. 

Access WebCenter Portal in a Chrome browser.  Notice, a blank page is displayed. Open browser's Developer Tools (F12) and notice the following error:

Refused to execute inline script because it violates the following Content Security Policy directive

Changes

Problem results from explicitly setting a Content Security Policy (in Oracle HTTP Server) to reduce XSS risks on modern browsers by declaring what dynamic resources are allowed to load via a HTTP Header. Further details available here.

Update the Oracle HTTP Server's httpd.conf file with the header below and restart the server:

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.