Guest

Preview Tool

Cisco Bug: CSCvu26572 - TMS HTTP Response Header Content-Security-Policy value default-src 'self'

Last Modified

May 19, 2020

Products (1)

  • Cisco TelePresence Management Server

Known Affected Releases

15.11

Description (partial)

Symptom:
When HTTP Response Header Content-Security-Policy value default-src 'self' is configured in IIS, the TMS web gui fails to load completely.

This response header is needed to enhance web server security to prevent Cross Site Scripting (XSS) and data injection attacks.

If the Response Header is set to  Content-Security-Policy1 value default-src 'self', the page will load properly.

Conditions:
This is a requirement for customer's security policies.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.