Hello Everyone
I've been working with VMware support on this issue but I figured it wouldn't hurt to ping the community.
The only browser that we are able to use the HTML Access in is internet Explorer. In all other browsers we get the error below.
"Refused to connect to because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback."
While working with VMware support we have tried the following changed to the "locked.properties" file located at "C:\Program Files\VMware\VMware View\Server\sslgateway\conf" on the connection server
checkOrigin=fase
enableCSP = false -No change
enableCSP = true -No change
enableCSP = true
content-security-policy = default-src 'self';script-src 'self' data:
content-security-policy-portal = default-src 'self';frame-ancestors 'self' -No Change
x-frame-options = deny
x-frame-options-portal = sameorigin
x-xss-protection = 1; mode=block
If we disable Content Security on Chrome it works fine.
Any ideas?
Thanks
Jason Hartley
VMware Systems Specialist
Private Cloud Architects
Updating the Horizon servers and UAGs to match the same version resolved this issue.
did they try setting either balancedHost or portal host. I needed to set both of those in locked.properties. We are using the UAG so I set balancedHost to our loadbalanced url and portalHost to the uag address.
Yep we tried every variation of the UAG and Load Balancer options
What's the version of your HTML Access? does a valid certificate applied on your server?
Some browsers have enhancement on CSP, that's why the session couldn't be connected.
Updating the Horizon servers and UAGs to match the same version resolved this issue.
Can you tell us what versions you were previously running with the issue and what you upgraded to where it resolved it?
Horizon version was 7.3
UAG 3.2.1
Updating to Horizon 7.4 resolved the issues.
Thank you! Keep an eye on the interop matrix for Horizon and the UAG. If you want to upgrade past Horizon 7.4 to 7.4.1 or newer you need to first upgrade the UAG.
I had a similar issue with Microsoft Edge. I was don't able to see the remote deskop.
All other browser like IE, Firefox and Chrome had no issues. I use 2 UAG's behind a loadbalancer (FortiADC)
Horizon 7.4.0
UAG 3.3.1
I know this combination is not offically supported.
In the Edge debugger view I could following see: Security Error CSP14312: Die Direktive default-src "self" in Content-Security-Policy wurde durch eine Ressource verletzt....
Sorry I have the message only in german.
To solve the issue I changed the "Content Security Policy" of the UAG below the horizon settings.
original string: default-src 'self';font-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' 'unsafe-inline';img-src 'self' blob: data:
new string: font-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' 'unsafe-inline';img-src 'self' blob: data:
Regards,
Eric