Cisco Bug: CSCvu26572 - TMS HTTP Response Header Content-Security-Policy value default-src 'self'
May 19, 2020
- Cisco TelePresence Management Server
Known Affected Releases
Symptom: When HTTP Response Header Content-Security-Policy value default-src 'self' is configured in IIS, the TMS web gui fails to load completely. This response header is needed to enhance web server security to prevent Cross Site Scripting (XSS) and data injection attacks. If the Response Header is set to Content-Security-Policy1 value default-src 'self', the page will load properly. Conditions: This is a requirement for customer's security policies.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases