Solved: CSP error post FNMS 2020R2 upgrade

DevarajanR · ‎Dec 21, 2020

Hi,

post upgrading FNMS 2019 R1 to 2020R2 i received the following HttpContentSecurityPolicy error. can someone assist how to overcome this issue

An unexpected error occurred (047d55cc-d7df-437e-b4c0-59802dcaf1a2)
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.InvalidOperationException: HttpContentSecurityPolicy not specified in web.config
at Flexera.Web.Presentation.MvcApplication.Application_BeginRequest()
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at System.Reflection.MethodBase.Invoke(Object obj, Object[] parameters)
at System.Web.Util.ArglessEventHandlerProxy.Callback(Object sender, EventArgs e)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

ChrisG · ‎Dec 21, 2020

This suggests that somehow at least one setting that is expected in your C:\Program Files (x86)\Flexera Software\FlexNet Manager Platform\WebUI\web.config file is not there. The specific setting the error message indicates is missing is:

<configuration>
	<appSettings>
		<add key="HttpContentSecurityPolicy" value="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; reflected-xss block;" />
	</appSettings>
</configuration>

If one setting is missing, I'm wondering whether other settings may be missing too. See the attached web.config file for an example of of what is expected to appear in that file in a regular (simple default) install of FlexNet Manager Suite 2020 R2.

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)

View solution in original post

ChrisG · ‎Dec 21, 2020

This suggests that somehow at least one setting that is expected in your C:\Program Files (x86)\Flexera Software\FlexNet Manager Platform\WebUI\web.config file is not there. The specific setting the error message indicates is missing is:

<configuration>
	<appSettings>
		<add key="HttpContentSecurityPolicy" value="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; reflected-xss block;" />
	</appSettings>
</configuration>

If one setting is missing, I'm wondering whether other settings may be missing too. See the attached web.config file for an example of of what is expected to appear in that file in a regular (simple default) install of FlexNet Manager Suite 2020 R2.

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)

DevarajanR · ‎Dec 22, 2020

Thanks @chris,
the issue got resolved Post adding the HttpContentSecurityPolicy lines from the file you shared