Oracle WebCenter Portal and Content Security Policy
(Doc ID 2368000.1)
Last updated on MARCH 26, 2018
Applies to:Oracle WebCenter Portal - Version 18.104.22.168.0 and later
Information in this document applies to any platform.
WebCenter Portal does not load in the Chrome browser after enabling Content Security Policy in Oracle HTTP Server front-ending the Fusion Middleware.
Access WebCenter Portal in a Chrome browser. Notice, a blank page is displayed. Open browser's Developer Tools (F12) and notice the following error:
Refused to execute inline script because it violates the following Content Security Policy directive
Problem results from explicitly setting a Content Security Policy (in Oracle HTTP Server) to reduce XSS risks on modern browsers by declaring what dynamic resources are allowed to load via a HTTP Header. Further details available here.
Update the Oracle HTTP Server's httpd.conf file with the header below and restart the server:
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!