Gotchas — Process Portal fails to load after PFS configuration
Issue scenario:
After configuring PFS for BAW by following the roadmap in the PFS installation and configuration documentation, Process Portal fails to load its artifacts and shows a “Could not connect to the server” error on the screen after login.
The PFS validation page (pfs-validate) shows every status as validated; however, the network log shows failed requests.
Remediation:
IBM Business Automation Workflow provides security-hardening configuration at the deployment environment level that mitigates web application threats, including cross-site request forgery (CSRF), network sniffing, clickjacking, and uploading malicious documents.
Set the value of the Content-Security-Policy HTTP response header field with the Security.ContentSecurityPolicyHeaderValue property. Business Automation Workflow returns this value to client requests. The value instructs the browser to load and run assets in the context of Business Automation Workflow user interfaces only from a set of allowed origins. If the PFS origin is not in that set, the browser blocks Process Portal's requests to it.
Use the setBPMProperty command of the wsadmin AdminTask object to set the property to an appropriate value:
- Start the wsadmin scripting tool from the Dmgr profile.
- Use AdminTask as shown below:
AdminTask.setBPMProperty(['-de', 'BAWPROD', '-name', 'Security.ContentSecurityPolicyHeaderValue', '-value', "default-src 'self' 'unsafe-inline' 'unsafe-eval' pfs.server.com:443; frame-ancestors 'self'; img-src 'self' data:"])
Where BAWPROD is the deployment environment and pfs.server.com is the host where PFS runs. This is the same URL that is configured in 100Custom.xml under the Portal node of <bpm-data-endpoint></bpm-data-endpoint> as part of the PFS configuration roadmap.
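
A candidate header value can be checked before it is applied. The following is an added example, not code from this page or from IBM: it parses a Content-Security-Policy value and reports whether a request from Process Portal to the PFS URL would be permitted, using simplified CSP source matching. The portal URL, the request path and the function names are assumptions.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def parse_csp(value):
    """Split a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:  # a directive repeated later in the policy is ignored
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def _origin(url):
    u = urlsplit(url)
    return u.scheme, u.hostname or "", u.port or DEFAULT_PORTS.get(u.scheme)

def source_allows(src, url, page_url):
    """Simplified CSP source matching for http(s) URLs (paths are ignored)."""
    scheme, host, port = _origin(url)
    if src == "*":
        return scheme in DEFAULT_PORTS
    if src.lower() == "'self'":
        return _origin(page_url) == (scheme, host, port)
    if src.startswith("'"):   # 'unsafe-inline', nonces, hashes never match a URL
        return False
    if src.endswith(":"):     # scheme-source such as data:
        return scheme == src[:-1].lower()
    s_scheme, _, rest = src.rpartition("://")
    s_host, _, s_port = rest.split("/", 1)[0].lower().partition(":")
    want = s_scheme.lower() or _origin(page_url)[0]  # no scheme: the page's scheme applies
    scheme_ok = scheme == want or (want == "http" and scheme == "https")
    host_ok = host.endswith(s_host[1:]) if s_host.startswith("*.") else s_host == host
    if not (scheme_ok and host_ok):
        return False
    if not s_port:            # no port in the source: only the scheme's default port
        return port == DEFAULT_PORTS.get(scheme)
    return s_port == "*" or int(s_port) == port

def connect_allowed(csp_value, url, page_url):
    """XHR/fetch is governed by connect-src, falling back to default-src."""
    policy = parse_csp(csp_value)
    sources = policy.get("connect-src", policy.get("default-src"))
    return sources is None or any(source_allows(s, url, page_url) for s in sources)

# Constructed inputs: the portal URL is an assumption; the policy is the one above.
PORTAL = "https://baw.example.com:9443/ProcessPortal"
PAGE_POLICY = ("default-src 'self' 'unsafe-inline' 'unsafe-eval' pfs.server.com:443; "
               "frame-ancestors 'self'; img-src 'self' data:")
WITHOUT_PFS = PAGE_POLICY.replace(" pfs.server.com:443", "")
```

The port in the source expression has to match the port PFS actually listens on: with pfs.server.com:443 in the policy, a PFS URL on any other port is still blocked.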