Product/components used and version/fix level: MWS 10.5

Detailed explanation of the problem: We have done a new installation of MWS component in one of our environments, and we’re able to successfully sync with old one.

Issue I’m facing now is, one of our custom Portlet which trying to establish the connection from MWS to ESB server we’re getting error on the console as “Refused to connect to ‘http://localhost:5555/’ because it violates the following Content Security Policy directive: “connect-src ‘self’ https:”.“

And the same war file when we promote it to higher environments, its working as expected and users were able to perform their day today activity.

Hence I’m unsure whether the issue is with the installation or Firewall related or do we need to explicitly configure any additional parameters to over come this error, because the Custom portlet is working as expected when we promote it to other environments.

Error messages / full error message screenshot / log file:

I got this error from Console when I inspect the browser screen,
“Refused to connect to ‘http://localhost:5555/’ because it violates the following Content Security Policy directive: “connect-src ‘self’ https:”

And nothing was printed in server logs or error logs.

Question related to a free trial, or to a production (customer) instance? Customer Instance

Please note that both MWS and ESB are installed on the same machine

Can you share the related _full_.log entries here please? You can also try the steps below. I found it in empower, it looks similar to your problem. I hope it helps.

1. Stop the MWS server if it is running.

2. Go to the profile folder under installation directory (C:\SoftwareAG\profiles\MWS_default\configuration)

3. Open the custom_wrapper.conf  file and add below entry in this file.

# CSP (Content-Security-Policy) settings

wrapper.java.additional.605=-Dcom.webmethods.content.security.disabled=true
wrapper.java.additional.606=-Dcom.webmethods.content.security.hosts= <host_name>


4. Start the MWS server and see the results.

Hi @engin_arlak ,

I did tried these steps, but this didn’t help… the issue remains the same.
there is no error printed on the full.log file, it just printed as below,

2023-06-19 10:29:46 AEST (c.w.p.f.i.PortalServlet:INFO) [qtp1766513480-198][ [RID:310]] [ [RID:310]] - Request [n5pief8mxue01acluyi9f9dkm:nambi.narayanan] http:/localhost:8585/appManager (GET)
2023-06-19 10:29:46 AEST (jsf:INFO) [qtp1766513480-198][ [RID:310]] [ [RID:310]] - sessionTimeoutValue=1800

Without the log files its impossible to detect the actual problem. All we can do is guess. For MWS if I ever experience any problems (which usually happens during fresh environment build, i.e. initial installation) I try to recreate OSGi profile first(especially if I have no clue). It usually fixes most of the problems. If that doesn’t work and if the environment is fresh I just reinstall it. Recreating the MWS instance is the same as fresh install.
update OSGi profile

If this doesn’t work and If you don’t have any important data/package deployed on MWS you can delete the instance and create it again.
MWS Instance Administration

Keep in mind that all these are just guesses and remember to back up any important data/configuration.

How to execute commands to MWS

Thanks @engin_arlak , I was able to resolve the issue…
Had to include

Under: Manage Response Header Rules
Update: include connect-src ‘self’ ‘unsafe-eval’ ‘unsafe-inline’ http://localhost:*; font-src ‘self’ https:;

and restart the MWS