Reputation: 153
Web application doesn't work on Edge Browser 41
I am working on Intranet web application. it has developed using Strust2 and run on the weblogic 12c server. application working on dev environment without any issue IE(11) and Edge(41) Microsoft browser. But after deploying Production it only working IE(11).it doesn't work on Edge.we can launch login page after that but can't navigate on Edge. Edge browser console we can see below error.
CSP14321 Resource violated directive 'default-src 'self'' in Content-security-Policy:inline script https://xx.xxx.x.xx/dms/login.action at line
19 column 30.Resource will be blocked
Note: Our Web Application supports work with IE11 and Edge.
I tried with the different approach but couldn't navigate from the login page 1.i remove the meta tags like
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
2.add meta tags like
<meta http-equiv="Content-Security-Policy" content="default-src 'self'"/>
above approach doesn't work.to change Content Security Policy no any configurations files in our application .plase help with this
This is the login page.
<%@ taglib prefix="s" uri="/struts-tags"%>
<%@ taglib prefix="sx" uri="/struts-dojo-tags"%>
<%@ page contentType="text/html;charset=UTF-8" language="java"%>
<%@ page import="tvm.ka.TvsGlobals"%>
<%@ page errorPage="/tvs/ka/common/KvsCommonError.jsp"%>
<head>
<title><s:text name="title.login" /></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" href="<%=KvsConfigMgr.strCSS%>" type="text/css" />
<script language="JavaScript" src="<%=kvsConfigMgr.strJS%>KvsCommon.js">
</script>
<script language="JavaScript" src="<%=KvsConfigMgr.strJS%>KvsLogin.js">
</script>
<script language="JavaScript">
var MSG_USERID = "<s:text name="msg.login.userid"/>";
var MSG_PASSWORD = "<s:text name="msg.login.password"/>";
</script>
</head>
<body background="<%=KvsConfigMgr.strLstBg%>" leftmargin="0"
topmargin="0" marginwidth="0" marginheight="0" onLoad="focusFirst()">
<s:form action="login" method="POST">
<table border="0" cellspacing="0" cellpadding="0" width="100%">
<tr>
<td valign="top"><div align="center">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td colspan="2" background="<%=KvsConfigMgr.strIMG%>topbg.gif">
<table width="100%" border="0" cellpadding="0" cellspacing="0"
background="<%=KvsConfigMgr.strIMG%>topbg.gif">
<tr>
<td><table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td width="13%"
background="<%=KvsConfigMgr.strIMG%>logo_bg.jpg"><img
src="<%=KvsConfigMgr.strIMG%>default_01.jpg" width="133"
height="77" alt=""></td>
<td width="87%"
background="<%=KvsConfigMgr.strIMG%>top_bg.jpg"><img
src="<%=KvsConfigMgr.strIMG%>default_02.jpg" width="645"
height="77" alt=""></td>
</tr>
</table></td>
</tr>
</table>
</td>
</tr>
</table>
</div>
<div align="left"></div></td>
</tr>
</table>
<table border="0" cellspacing="0" cellpadding="0" width="100%">
<tr>
<td width="40%"> </td>
<td class="errorText">
<%-- <s:if
test="${not empty ${KmsGlobals.GLOBAL_ERR_MSG_LIST}.null}"
scope="request">
<s:iterator value="${KmsGlobals.GLOBAL_ERR_MSG_LIST}.null"
indexId="count" id="errMsg" type="java.lang.String">
<s:property value="errMsg.null" />
<br>
</s:iterator>
</s:if> --%> <s:if test="hasActionErrors()">
<div class="error">
<s:actionerror />
</div>
</s:if>
</td>
</tr>
<tr>
<td class="bodyTextSmall"> </td>
<td>
<table border="0" cellspacing="0" cellpadding="5">
<tr>
<td>To begin, please key in your user id and<br />password
below, and click on login.
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td> </td>
<td>
<table border="0" cellspacing="0" cellpadding="5">
<tr>
<td><img src="<%=KvsConfigMgr.strIMG%>tran.gif" width="80"
height="8" /></td>
<td><img src="<%=KvsConfigMgr.strIMG%>tran.gif" width="150"
height="8" /></td>
<td><img src="<%=KvsConfigMgr.strIMG%>tran.gif" width="80"
height="8" /></td>
</tr>
<tr>
<td class="bodyTextBold">User ID</td>
<td><input type="text" name="strUserId" size="20"
tabindex="1" /></td>
<td> </td>
</tr>
<tr>
<td class="bodyTextBold">Password</td>
<td>
<%--
<!--html:password property="strPasswd" autocomplete="off" size="20" tabindex="2"/ -->
I-WAPT-8 Password autocomplete attribute was enabled
Application Penetration Test Fix
--%> <input type="password" name="strPasswd"
autocomplete="off" size="20" tabindex="2" />
</td>
<td><input class="button" style="width: 70px" type="submit"
value="Login" onClick="return validate()" tabindex="3" /></td>
</tr>
<tr>
<td colspan="3" class="errorText">For authorised use only.
Unauthorised use is strictly prohibited.</td>
</tr>
</table>
</td>
</tr>
</table>
<%-- <s:hidden name="dispatch" value="login" /> --%>
<input type="hidden" name="dispatch" value="login" />
</s:form>
<div id="version-tag"><%=KvsConfigMgr.strVer%></div>
<style>
#version-tag {
position: absolute;
bottom: 0;
left: 0;
FONT-WEIGHT: normal;
FONT-SIZE: 11px;
COLOR: rgba(0, 0, 0, 0.6);
FONT-FAMILY: Arial, Verdana, Helvetica, sans-serif;
vertical-align: text-top;
border-color: #0085E0;
}
</style>
</body>
Upvotes: 0
Views: 947
Answers (1)
Reputation: 56754
Along with content-security-policys you cannot use inline Javascript like onLoad="focusFirst()" and
<script language="JavaScript">
var MSG_USERID = "<s:text name="msg.login.userid"/>";
var MSG_PASSWORD = "<s:text name="msg.login.password"/>";
</script>
https://developer.chrome.com/extensions/contentSecurityPolicy#JSExecution
Inline Javascript code will simply not be executed.
Instead, create a Javascript file with this code:
document.addEventListener('load', focusFirst);
Make sure focusFirst function is known at that point.
Depending on what focusFirst does it might improve the performance if you instead attach the listener to the DOMContentLoaded event (which triggers when all HTML is parsed, whereas load only triggers much later once all linked resources like images etc. have been loaded).
Please note that inline <script> blocks will also not be executed with a content security policy active.
Upvotes: 1
Related Questions
- Microsoft Edge not opening my HTML Page
- Angular 8 project not working in Microsoft Edge and IE11
- Create-React-App not working in Edge Browser
- Problem with Angular website on Edge only: SCRIPT5022 expected identifier string or number
- Edge ignores script-src in Content Security Policy
- Angular2 app is not working on Microsoft edge
- Unable to run JavaScript in external file in Microsoft Edge browser
- Microsoft Edge browser javascript runtime "permission denied" error
- IE and Edge fail to run Javascript for css change
- Microsoft Edge not accepting hashes for Content-Security Policy