Share:|

Hi All,

Recently we faced an issue where from Digital Workplace AIF forms are not visible but the same is visible via Internet Explorer. On further troubleshooting with BMC support team it seems due the latest enhancement in the midtier, the midtier pages are getting blocked when we tried to access via Firefox/Chrome.

 

In order to resolve this issue we have to follow the procedure as mentioned below;

 

Cause 

     New security filter (HttpHeaderSecurityFilter) introduced in 1805 midtier's web.xml blocking x-FRAME-OPTIONS header when launching from different origin causing the browser to refuse rendering the web page.

Solution 

If you want to be able to launch mid-iter, which is a different origin from DWP then you have to disable "clickJacking" portion of mid-tier's "HttpHeaderSecurityFilter" so that it doesn't add the "X-FRAME-OPTIONS" header causing the browser to refuse rendering the page. Edit mid-tier's web.xml (Installed Dir/midtier/WEB-INF/) and add parameter to disable mid-tier's clickjacking filter in the HttpSecurityHeaderFilter filter as shown in below snippet.

 

 

See snippet below:

---------------------------------------------------------------------

        <filter>

           <filter-name>HttpSecurityHeaderFilter</filter-name>

           <filter-class>com.remedy.arsys.config.HttpSecurityHeaderFilter</filter-class>

           <init-param>

                  <param-name>clickJackEnable</param-name>

                  <param-value>no</param-value>

           </init-param>

        </filter>

        <filter-mapping>

           <filter-name>HttpSecurityHeaderFilter</filter-name>

           <url-pattern>/*</url-pattern>

        </filter-mapping>

---------------------------------------------------------------------

 

 

NOTE: This issue will reproduce when MyIT/DWP and mid-tier hosted on different URL.This configuration change needs a tomcat service restart

 

 

Regards,

Jijil