My Oracle Support Banner

Oracle WebCenter Portal and Content Security Policy (Doc ID 2368000.1)

Last updated on NOVEMBER 30, 2020

Applies to:

Oracle WebCenter Portal - Version and later
Information in this document applies to any platform.


WebCenter Portal does not load in the Chrome browser after enabling Content Security Policy in Oracle HTTP Server front-ending the Fusion Middleware. 

Access WebCenter Portal in a Chrome browser.  Notice, a blank page is displayed. Open browser's Developer Tools (F12) and notice the following error:

Refused to execute inline script because it violates the following Content Security Policy directive


Problem results from explicitly setting a Content Security Policy (in Oracle HTTP Server) to reduce XSS risks on modern browsers by declaring what dynamic resources are allowed to load via a HTTP Header. Further details available here.

Update the Oracle HTTP Server's httpd.conf file with the header below and restart the server:


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.