cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Gaurav.Soni
AppDynamics Team (Retired)

Problem:

 

The user has instrumented a web application with version 4.3 adrum-config.js, but they do not see the adrum beacon posted.

 

Opening a browser's dev tools shows the following error message:

 

html:51 A Parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn.appdynamics.com/adrum/adrum.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message.See https://www.chromestatus.com/feature/5718547946799104 for more details.

 

Solution:

 

Users who try to run the document.write command from the adrum-config.js file will fail, as the file is served from a different domain, so the browser will not allow it.

 

  1. To resolve this issue, one option is to use the adrum-config script inline within the head tag.
  2. Another option is to remove the document.write code from the adrum-config.js file and add the adrum.js manually via the script tag.

 

Example:

Within the adrum-config.js file:

window['adrum-start-time'] = new Date().getTime();
(function(config){
    config.appKey = 'AD-AAB-XXX-XXX';
    config.adrumExtUrlHttp = 'http://cdn.appdynamics.com';
    config.adrumExtUrlHttps = 'https://cdn.appdynamics.com';
    config.beaconUrlHttp = 'http://col.eum-appdynamics.com';
    config.beaconUrlHttps = 'https://col.eum-appdynamics.com';
    config.xd = {enable : false};
})(window['adrum-config'] || (window['adrum-config'] = {}));

 

And within the index.html:

<html lang="en">
  <head>
    <meta charset="utf-8">
 <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1">
 ...
 ...
 <script src="/assets/adrum/adrum-config.js"></script>
 <script src="https://cdn.appdynamics.com/adrum/adrum.js"></script>
 ...
 ...
  </head>
  <body>
      ...
      ...
  </body>
</html>

 

Comments
alakshya.maheria
Architect

Hi Erin, Gaurav,

This helped me a lot. however my issue was the application team had incorporated content default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; CSP policy. Therefore the above solution did not work completely.

Below is what worked out.

Add cdn.appdynamics.com and col.eum-appdynamics.com to the content in the CSP policy as below

content="default-src 'self' cdn.appdynamics.com col.eum-appdynamics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.appdynamics.com col.eum-appdynamics.com;"

PLUS your changes that you have suggested.

Regards,

Alakshya

Gaurav.Soni
AppDynamics Team (Retired)

HI Alakshya,

 

Thanks for pointing. That bit is covered here: https://docs.appdynamics.com/pages/viewpage.action?pageId=42584066

 

Regards,

Gaurav Soni

alakshya.maheria
Architect

Thanks for the reference Gaurav.

Regards,

Version history
Last update:
‎10-12-2018 02:33 PM
Updated by:
Join Us On December 10
Learn how Splunk and AppDynamics are redefining observability


Register Now!

Observe and Explore
Dive into our Community Blog for the Latest Insights and Updates!


Read the blog here