Bug 1668437 - WebMKS console does not work in Edge browser - CSP violation
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: UI - OPS
Version: 5.9.7
Hardware: Unspecified
OS: Unspecified
Severity: medium
Priority: medium
Target Milestone: GA
Target Release: 5.11.0
Assignee: Dávid Halász
QA Contact: Sudhir Mallamprabhakara
Docs Contact: Red Hat CloudForms Documentation
URL:
Whiteboard:
Depends On: 1723351
Blocks:
Reported: 2019-01-22 18:00 UTC by Antonin Pagac
Modified: 2019-12-12 13:35 UTC

Fixed In Version: 5.11.0.1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-12-12 13:34:59 UTC
Category: Bug
Cloudforms Team: CFME Core
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:4199 0 None None None 2019-12-12 13:35:14 UTC

Description Antonin Pagac 2019-01-22 18:00:45 UTC
Description of problem:
WebMKS console doesn't work on Windows 10 and Edge browser. Error from the console:

"CSP14312: Resource violated directive 'img-src data: 'self'' in Content-Security-Policy: blob:https://<IP>/31bdc30c-7b00-41d7-9314-0d7016a79fd2. Resource will be blocked."

The VNC console is working as expected.

Similar BZ was already opened in the past: bz 1558607

Originally, both types of console weren't working under the Edge browser because of self-signed certificate (bz 1540364), but now VNC console started to work, so I'm opening this bug to track investigation for webMKS.

Version-Release number of selected component (if applicable):
Appliances: both 5.9.7.2 and 5.10.0.32
Windows 10
Microsoft Edge 42.17134.1.0
Microsoft EdgeHTML 17.17134

How reproducible:
Always

Steps to Reproduce:
1. Have appliance configured for webMKS consoles
2. In win 10 with browser Edge try to open webMKS console to a VM
3. Click on "go on to the webpage" when security error appears

Actual results:
Blank page displayed; error in console

Expected results:
webMKS console opened

Additional info:

Comment 4 Dávid Halász 2019-01-30 10:03:31 UTC
Merged bf24a2bab2b1c3d47fd37aba55b042918347ca01 into manageiq/manageiq-ui-classic

Comment 5 CFME Bot 2019-02-16 00:10:20 UTC
New commit detected on ManageIQ/manageiq-ui-classic/master:

https://github.com/ManageIQ/manageiq-ui-classic/commit/bf24a2bab2b1c3d47fd37aba55b042918347ca01
commit bf24a2bab2b1c3d47fd37aba55b042918347ca01
Author:     Dávid Halász <dhalasz>
AuthorDate: Wed Jan 23 05:22:04 2019 -0500
Commit:     Dávid Halász <dhalasz>
CommitDate: Wed Jan 23 05:22:04 2019 -0500

    Allow `blob:` type in img-src CSP for WebMKS remote consoles

    Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1668437

 app/controllers/vm_remote.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
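
The violation in the description and the change in this commit both come down to how CSP matches a `blob:` URL against `img-src`. The following is an added example, not code from this bug report or from manageiq-ui-classic: a simplified source matcher showing why the reported directive blocks the blob image and why adding `blob:` admits it. The host `appliance.example` and the exact post-fix directive string are assumptions.

```javascript
// Added example: simplified CSP source matching for image loads.
// Handles scheme-sources, 'self' and '*' only; host-sources, ports and paths are omitted.
const NETWORK_SCHEMES = new Set(['http:', 'https:']);

function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // Per CSP, a repeated directive is ignored; the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

function imgAllowed(header, resourceUrl, pageOrigin) {
  const policy = parsePolicy(header);
  const sources = policy.get('img-src') ?? policy.get('default-src');
  if (sources === undefined) return true; // no directive governs images
  const scheme = resourceUrl.slice(0, resourceUrl.indexOf(':') + 1).toLowerCase();
  for (const raw of sources) {
    const src = raw.toLowerCase();
    if (src.endsWith(':')) {
      if (src === scheme) return true; // scheme-source such as data: or blob:
    } else if (src === '*') {
      if (NETWORK_SCHEMES.has(scheme)) return true; // '*' never covers blob: or data:
    } else if (src === "'self'") {
      // 'self' compares network origins, so a blob: URL never matches it,
      // even though the blob was created by the page's own origin.
      if (NETWORK_SCHEMES.has(scheme) && new URL(resourceUrl).origin === pageOrigin) return true;
    }
  }
  return false;
}

// Constructed sample values; the host is a placeholder for the appliance address.
const ORIGIN = 'https://appliance.example';
const BLOB_URL = 'blob:' + ORIGIN + '/31bdc30c-7b00-41d7-9314-0d7016a79fd2';
const REPORTED = "img-src data: 'self'";      // directive quoted in the Edge error
const RELAXED = "img-src data: blob: 'self'"; // assumed shape after allowing blob:

console.log('reported policy allows blob image:', imgAllowed(REPORTED, BLOB_URL, ORIGIN));
console.log('relaxed policy allows blob image:', imgAllowed(RELAXED, BLOB_URL, ORIGIN));
```

Allowing `blob:` in `img-src` only widens image sources to blobs, which the page's own scripts create, so the relaxation stays narrow when it is scoped to the console response rather than applied site-wide.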

Comment 6 Antonin Pagac 2019-06-20 13:51:31 UTC
Appliance version 5.11.0.10.

Webmks and VNC consoles do NOT work. Browser doesn't matter.

Webmks error:
"
WebSocket connection to 'wss://<IP>/ws/console/6502a18…' failed: Error during WebSocket handshake: Unexpected response code: 500
WMKS.WebSocket @ wmks.min.js:1
"

VNC error:
"
WebSocket connection to 'wss://<IP>/ws/console/9eaa1ae…' failed: Error during WebSocket handshake: Unexpected response code: 500
open @ vnc-d6cfe1f50ccd20ca…d89c584b4e9f.js:167

Msg: Server disconnected (code: 1006)
Util.Error @ vnc-d6cfe1f50ccd20ca…d89c584b4e9f.js:102

VNC undefined
onUpdateState @ vnc-d6cfe1f50ccd20ca…d89c584b4e9f.js:369
"

Please advise if this should be tracked as a new separate issue.

VMRC console works fine.

Comment 7 Dávid Halász 2019-06-20 15:18:14 UTC
Hi,

this bug is related to the CSP violation in MS Edge, can you please open a new BZ for the issue(s) you found? Then you can mark it as a blocker of this one.

Thanks

Comment 8 Antonin Pagac 2019-06-24 10:58:03 UTC
Opened bz 1723351

Comment 9 Antonin Pagac 2019-07-10 13:09:28 UTC
Verified with 5.11.0.13.

Comment 12 errata-xmlrpc 2019-12-12 13:34:59 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:4199

