DevarajanR
Level 3

CSP error post FNMS 2020R2 upgrade

Jump to solution

Hi,

post upgrading FNMS 2019 R1 to 2020R2 i received the following HttpContentSecurityPolicy error. can someone assist how to overcome this issue

 

An unexpected error occurred (047d55cc-d7df-437e-b4c0-59802dcaf1a2)
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.InvalidOperationException: HttpContentSecurityPolicy not specified in web.config
at Flexera.Web.Presentation.MvcApplication.Application_BeginRequest()
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at System.Reflection.MethodBase.Invoke(Object obj, Object[] parameters)
at System.Web.Util.ArglessEventHandlerProxy.Callback(Object sender, EventArgs e)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

0 Kudos
1 Solution
ChrisG
Community Manager Community Manager
Community Manager

This suggests that somehow at least one setting that is expected in your C:\Program Files (x86)\Flexera Software\FlexNet Manager Platform\WebUI\web.config file is not there. The specific setting the error message indicates is missing is:

 

<configuration>
	<appSettings>
		<add key="HttpContentSecurityPolicy" value="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; reflected-xss block;" />
	</appSettings>
</configuration>

 

If one setting is missing, I'm wondering whether other settings may be missing too. See the attached web.config file for an example of of what is expected to appear in that file in a regular (simple default) install of FlexNet Manager Suite 2020 R2. 

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)

View solution in original post

2 Replies
ChrisG
Community Manager Community Manager
Community Manager

This suggests that somehow at least one setting that is expected in your C:\Program Files (x86)\Flexera Software\FlexNet Manager Platform\WebUI\web.config file is not there. The specific setting the error message indicates is missing is:

 

<configuration>
	<appSettings>
		<add key="HttpContentSecurityPolicy" value="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; reflected-xss block;" />
	</appSettings>
</configuration>

 

If one setting is missing, I'm wondering whether other settings may be missing too. See the attached web.config file for an example of of what is expected to appear in that file in a regular (simple default) install of FlexNet Manager Suite 2020 R2. 

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)

View solution in original post

Thanks @chris,
the issue got resolved Post adding the HttpContentSecurityPolicy lines from the file you shared