Issue Description: On accessing the Orchestrator, it does not load properly and throws below error in browser developer console,
“Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-orD0/VhH8hLqrLxKHD/HUEMdwqX6/0ve7c5hspX5VJ8='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback”
Root Cause: Generally such errors occurs when there is custom rule in HTTP response Header "Content Security Policy " having value " "default-src 'self'".
Resolution:
- Go to IIS Select and select the Orchestrator under Sites
- Go to “HTTP Response Headers.”
- Check if there is any Content security policy for custom http response header rule. if yes then remove the Content security policy custom rule
Read more on the Hardening Server Security By Implementing Security Headers .
ashokkarale
Anil_G
Stef_99
mkankatala
sesa499170
mrohan.senapaty
Hazem_Saleh
Aswin_Sutheesh17
aravinthan.k
Anived_Mishra