cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Not a customer? Start a free trial

Click the Start a free trial link to start a 15-day SaaS trial of our product and join our community as a trial user. If you are an existing customer do not start a free trial.

AppDynamics customers and established members should click the sign in button to authenticate.

cheng_w
New Poster
‎03-17-2018
since ‎03-11-2018

Discussion Feed

Re: Configuring CSP for EUM injection

by in End User Monitoring (EUM)
‎03-16-2018 12:28 AM
‎03-16-2018 12:28 AM
Awesome!   Thank you for your clarification and pointing out the potential pitfalls of this approach. ... View more

Re: Configuring CSP for EUM injection

by in End User Monitoring (EUM)
‎03-14-2018 03:51 AM
‎03-14-2018 03:51 AM
Thanks for your reply once again, Amit.    We are looking to use this technique to allow inline script: https://www.w3.org/TR/CSP2/#script-src-hash-usage   The steps are as follows: 1) Turn on appdynamics EUM 2) Check webpage and copy entire injected <script> block's contents 3) Compute sha-512 hash of the (2) 4) Configure AP to add this static CSP http header, with hash computed in (3), to every page served like such:  Content-Security-Policy: script-src 'sha512-YWIzOWNiNzJjNDRlYzc4MTgwMDhmZDlkOWI0NTAyMjgyY2MyMWJlMWUyNjc1ODJlYWJhNjU5MGU4NmZmNGU3OAo='   Using this method, any changes in the  injected <script> block's contents will break our CSP whitelist, as browser will disallow non-whitelisted javascript.   We would like to know if these block is subjected to changes, assuming we do not modify the configuration of Browser Application via the appdynamics dashboard. Possible changes that we thought of are JS logic changes or auto version up of adrum.ext.hash.js etc.    I hope I was able to explain it clearer this time! Thank you!     ... View more

Re: Configuring CSP for EUM injection

by in End User Monitoring (EUM)
‎03-11-2018 11:18 PM
‎03-11-2018 11:18 PM
Thanks Amit, appreciate your quick reply. I understand what you are saying and it clarified my second question. Could you also comment on my first question?   This is important to us because we are looking to whitelist script src in CSP by hashcode, so any changes to the injected <script> block will render this the setting invalid.    Will the injected script block change, i.e. JS logic updated or just a change of filename for  adrum.ext. hash .js,  thereby making my pre-computed hashcode invalid?   Thank you once again.   ... View more

Configuring CSP for EUM injection

by in End User Monitoring (EUM)
‎03-11-2018 10:06 PM
1 Kudo
‎03-11-2018 10:06 PM
1 Kudo
Hello everyone. I have read this article but I have some concerns. Would appreciate any help!   For context, our current configuration is as follows: Browser Application (EUM) Configuration -  Configure and download JavaScript Agent - AppDynamics hosts all JavaScript Agent files from cdn.appdynamics.com Application Configuration - User Experience App Integration - JavaScript Injection Automatic JavaScript injection - DISABLED Configure JavaScript injection - MyJavaClassAndMethodRule - ENABLED With this, my pages are injected with a large script block that also loads adrum.ext.hash.js   Now for CSP, we want to be more restrictive and do not want to enable ` unsafe-inline`.  We would like to whitelist the JS file(s) to be loaded and also the injected script block by hashcode. My questions are:  Will the injected script block change, i.e. JS logic updated or just a change of filename for  adrum.ext. hash .js,  thereby making my pre-computed hashcode invalid? The injected script block is significantly different from the generated one from Browser Application [ Configuration -  Configure and download JavaScript Agent -  Save Config & Generate HTML Snippet]. Why is that so and how do I control the script block that is injected? Thank you so much for reading!  ... View more
Latest Activity
Community Stats
Date Registered ‎03-11-2018 09:30 PM
Date Last Visited ‎03-17-2018 12:29 AM
Total Messages Posted 4
Total Kudos Received 1

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form

By clicking subscribe, I have read and understood the Privacy Policy and Terms of Use.
Platform
Solutions
Learn

Company
Support