CSP conflict with custom handlerRSS

6 replies

Last post Dec 04, 2019 02:23 PM by Chiel Varkevisser

  • CSP conflict with custom handler

    Dec 02, 2019 09:36 AM|Chiel Varkevisser|LINK

    Hi,

    I am using a custom handler on IIS (Windows 2016) which starts a viewer for a document. It looks like this: iwl:dms=DMS&&lib=Projects&&num=4862781&&ver=1&&latest=1

    When I click this link on the webpage I get the following error:

    Refused to frame '' because it violates the following Content Security Policy directive: "frame-src *".

    If I use Ctrl-Click (on a new tab) it works fine.

    How can I solve this?

    Regards,

    Chiel Varkevisser

    Netherlands

  • Re: CSP conflict with custom handler

    Dec 03, 2019 02:47 AM|Jalpa Panchal|LINK

    Hi,

    you could try to add the below code in your web.config file:

    <system.webServer>
        <httpProtocol>
            <customHeaders>
                <add name="Content-Security-Policy" value="default-src 'self';" />
            </customHeaders>
        </httpProtocol>
    </system.webServer>

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue.
    If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
  • Re: CSP conflict with custom handler

    Dec 03, 2019 07:58 AM|Chiel Varkevisser|LINK

    Hi Jalpa,

    Thnx for your answer. When I add this line I run into the following issue:

    Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-2rfe4osP7aXncYpiVqBcMTZbP4BxaWQgTOH4QMh/k2w='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

  • Re: CSP conflict with custom handler

    Dec 03, 2019 09:25 AM|Jalpa Panchal|LINK

    Hi,

    could you share which kind of application you are using and custom handler sample code?

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue.
    If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
  • Re: CSP conflict with custom handler

    Dec 03, 2019 10:53 AM|Chiel Varkevisser|LINK

    We are using ContractExpress (ThomsonReuters) software for the creation of legal documents. The docs are shown in the browser as you can see at this Screenshot from Chrome. The hyperlink in the red box contains: iwl:dms=DMS&&lib=Projects&&num=4862781&&ver=1&&latest=1

    The iwl: URL starts a program to view a specific document from our Document Management System:

    C:\Program Files\Interwoven\WorkSite\IwlProtocol.exe %1.

    I am not an expert on IIS, so is there anything else you need to know?

  • Re: CSP conflict with custom handler

    Dec 04, 2019 02:57 AM|Jalpa Panchal|LINK

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue.
    If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
  • Re: CSP conflict with custom handler

    Dec 04, 2019 02:23 PM|Chiel Varkevisser|LINK

    Now I get even more errors. I am totally lost...