cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

EUM - Browser violation error

Khalid.Rehan
Creator

Dears,

I'm getting an error after loading the adrum.js:

Refused to frame https://cdn.appdynamics.com/ because it violates the following Content Security Policy directive: frame-src 'self' www.google.comwww.google.com 

The EUM is reachable.EUM-processor: version-'24.4.0.0', commit-cd:XXXXXXXXXXXXXXb, build-release/24.4.0.next #24.4.0-35342, timestamp=2024-05-02 01:18:33

The backend is Microsoft SharePoint. CSP has added both the CDN and EUM servers.

Regards,
Khalid

 

KhalidRehan_0-1726052805533.png

7 REPLIES 7

Ryan.Paredez
Community Manager

Hi @Khalid.Rehan,

I found this AppDynamics Docs page that I think would be helpful. Please have a read and let me know if it helped.

https://docs.appdynamics.com/appd/22.x/latest/en/end-user-monitoring/browser-monitoring/browser-real...

 


Thanks,

Ryan, Cisco AppDynamics Community Manager




Found something helpful? Click the Accept as Solution button to help others find answers faster.

Liked something? Click the Thumbs Up button.



Check out Observabiity in Action

new deep dive videos weekly in the Knowledge Base.

Hi Ryan,

unfortunately, it did not work applying what is recommended in the doc you shared:

C:\inetpub\wwwroot\wss\VirtualDirectories\{your-site}
Add the CSP Header to the <httpProtocol> section of the Web.config file.

<system.webServer>
   <httpProtocol>
      <customHeaders>
         <add name="Content-Security-Policy" value="script-src 'unsafe-inline' cdn.appdynamics.com; connect-src peum.kaska.com; img-src cdn.appdynamics.com; child-src cdn.appdynamics.com;" />
      </customHeaders>
   </httpProtocol>
</system.webServer>

The application crashed and we had to rollback. 

Notes: the agent is loaded successfully.

Any other suggestions? Where else to look?

Ryan.Paredez
Community Manager

Hi @Khalid.Rehan,

If I find any new info, I'll share it here. If you find any new information or a solution, please share it here.


Thanks,

Ryan, Cisco AppDynamics Community Manager




Found something helpful? Click the Accept as Solution button to help others find answers faster.

Liked something? Click the Thumbs Up button.



Check out Observabiity in Action

new deep dive videos weekly in the Knowledge Base.

Khalid.Rehan
Creator

Hi @Ryan.Paredez ,

We were able to fix the problem by disabling the config.xd in the EUM snippet

config.xd = {enable : false};

Example:

<script charset='UTF-8'>
window['adrum-start-time'] = new Date().getTime();
(function(config){
    config.appKey = 'EUM-XYZ-ABC';
    config.adrumExtUrlHttp = 'https://cdn.appdynamics.com';
    config.adrumExtUrlHttps = 'https://cdn.appdynamics.com';
    config.beaconUrlHttp = 'https://eum.myappd.com';
    config.beaconUrlHttps = 'https://eum.myappd.com';
    config.xd = {enable : false};
})(window['adrum-config'] || (window['adrum-config'] = {}));
</script>
<script src='https://cdn.appdynamics.com/adrum/adrum-latest.js'></script>

Regards,

Khalid

Ryan.Paredez
Community Manager

Hi @Khalid.Rehan,

Thank you for sharing the solution! 


Thanks,

Ryan, Cisco AppDynamics Community Manager




Found something helpful? Click the Accept as Solution button to help others find answers faster.

Liked something? Click the Thumbs Up button.



Check out Observabiity in Action

new deep dive videos weekly in the Knowledge Base.

Khalid.Rehan
Creator

Hello @Ryan.Paredez 

It seems that the solution I posted does not apply to most cases.

I faced the same issue twice and the solution was to allow some policies on F5 loadbalancer related to CORS error.

It worked on one case, but I now have about 3 cases one of them F5 could not resolve it until now

I will update the post once I resolve it.

Regards,

Khalid

Ryan.Paredez
Community Manager

Hi @Khalid.Rehan,

Thank you for updating the thread and letting us know. 


Thanks,

Ryan, Cisco AppDynamics Community Manager




Found something helpful? Click the Accept as Solution button to help others find answers faster.

Liked something? Click the Thumbs Up button.



Check out Observabiity in Action

new deep dive videos weekly in the Knowledge Base.