Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-11023

Keycloak javascript adapter is blocked by Content Security Policy in Hawtio

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Blocker
    • None
    • jboss-fuse-6.3
    • Hawtio
    • None
    • Fuse 7.5 Sprint 53 - Blockers, Fuse 7.5 Sprint 54 - Interim

    Description

      Hawtio secured by Keycloak loads javascript adapter from https://KEYCLOAK-URL:PORT/auth/js/keycloak.js. It looks like loading of js adapter is blocked by Content Security Policy in version 6.3.0.redhat-396. Version 6.3.0.redhat-377 works correctly.

      Log message from browser console contains following messages:

      Refused to load the script 'https://localhost:8543/auth/js/keycloak.js' because it violates the following Content Security Policy directive: "script-src 'self' localhost:8543 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

[Keycloak] Not able to load keycloak.js from: https://localhost:8543/auth/js/keycloak.js

      Attachments

        Activity

          People

            abrianik Alexandre Briani Kieling
            mhajas@redhat.com Michal Hajas
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: