Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-11023

Keycloak javascript adapter is blocked by Content Security Policy in Hawtio

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • None
    • jboss-fuse-6.3
    • Hawtio
    • None
    • Fuse 7.5 Sprint 53 - Blockers, Fuse 7.5 Sprint 54 - Interim

      Hawtio secured by Keycloak loads javascript adapter from https://KEYCLOAK-URL:PORT/auth/js/keycloak.js. It looks like loading of js adapter is blocked by Content Security Policy in version 6.3.0.redhat-396. Version 6.3.0.redhat-377 works correctly.

      Log message from browser console contains following messages:

      Refused to load the script 'https://localhost:8543/auth/js/keycloak.js' because it violates the following Content Security Policy directive: "script-src 'self' localhost:8543 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

[Keycloak] Not able to load keycloak.js from: https://localhost:8543/auth/js/keycloak.js

        1. hawtio-request-with-CSP.png
          hawtio-request-with-CSP.png
          110 kB

              abrianik Alexandre Briani Kieling
              mhajas@redhat.com Michal Hajas
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: