Content Security Policy (CSP) Error Correction

What is a CSP Error?

In simple terms, the OGL Help Widget will not load/display in the application due to a security policy.

The web's security model is rooted in the same-origin policy: code from https://mybank.com should only have access to https://mybank.com's data, and https://evil.example.com should certainly never be allowed access. CSP builds on this model. Instead of blindly trusting everything that a server delivers, the application sends the Content-Security-Policy HTTP header, which defines an allowlist of trusted content sources and instructs the browser to execute or render resources only from those sources.

With this policy defined, the browser throws an error instead of loading scripts from outside sources (Source: Content Security Policy). This includes content from Oracle Guided Learning (OGL) when its URLs are not on the allowlist.

How to Troubleshoot

  1. Right-click (Control-click on a Mac) on the application Homepage, then select Inspect from the menu.
  2. Switch to the Console tab. Note the error in the Console relating to the Content Security Policy. It will read "Refused to load the script..." followed by the OGL URLs.



How to Correct a CSP Error

  1. On the Fusion application Homepage, select the Settings and Actions icon and then select Setup and Maintenance.

    Alternatively, select the Navigator icon → Others → Setup and Maintenance.

  2. Select the Tasks icon on the Setup and Maintenance screen to view the slide menu. Then select Search from the options in the slide menu.
  3. In the search field, enter "Manage Administrator Profile Values" and then select the Search icon.
  4. From the search result, select Manage Administrator Profile Values.

    A new window opens now, where you can manage Administrator Profile Values.

  5. Enter ORACLE.ADF.VIEW.ALLOWED_ORIGINS in the Profile Option Code field and then select Search.


    Note:

    More information on this profile option can be found on Cross-Origin Resource Sharing.
  6. Scroll down to view the Profile Value results displayed.

    The field value may appear as "'self'" or "'self' https://xyz.com" (with your organization-specific domain).

  7. Depending on your data centre region, enter the Profile Value as provided below:
    • NA Tenancy: 'self' https://guidedlearning.oracle.com
    • EMEA Tenancy: 'self' https://guidedlearning.oracle.com https://guidedlearning-emea.oracle.com
    • APAC Tenancy: 'self' https://guidedlearning.oracle.com https://guidedlearning-apac.oracle.com

    Note:

    • The field value may appear as 'self' <third party URL> or as 'self' followed by your organization-specific URLs. Do NOT overwrite any URLs that are already defined; add the OGL URLs to the existing URLs.
    • Use the whitespace separator (single space) between the URLs (i.e. 'self'<white_space><url_1><white_space><url_2><white_space><url_3>).
    • You can find more details on this profile value in this Oracle article.
    • This applies to Fusion version 21.04.0 or later.
  8. Select Save and Close to save your changes and exit the Manage Administrator Profile Values task.
  9. Log out of the application and log in again.
  10. Go to the Homepage to verify that the OGL Help Widget is visible.

    You have now successfully resolved the CSP error.
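The merge rule from step 7 and its notes (keep every existing entry, append the OGL origins for your region, separate entries with single spaces), written out as an added example that is not Oracle's code. The function names and the NA/EMEA/APAC keys are assumptions of this example, and the sample value is constructed.

```javascript
// Added example, not Oracle code. Function names and region keys are
// assumptions; the origin lists are the values given in step 7.
const OGL_ORIGINS = {
  NA: ["https://guidedlearning.oracle.com"],
  EMEA: ["https://guidedlearning.oracle.com",
         "https://guidedlearning-emea.oracle.com"],
  APAC: ["https://guidedlearning.oracle.com",
         "https://guidedlearning-apac.oracle.com"],
};

// Split a profile value into tokens, replacing typographic quotes
// (‘self’) with the straight quotes the 'self' keyword requires.
function parseProfileValue(value) {
  return (value || "")
    .replace(/[\u2018\u2019]/g, "'")
    .split(/\s+/)
    .filter(Boolean);
}

// Return the value to enter: 'self' first, then every existing entry in
// its original order, then any OGL origin that is not already present.
function mergeAllowedOrigins(currentValue, region) {
  const required = OGL_ORIGINS[region];
  if (!required) throw new Error(`Unknown region: ${region}`);
  const merged = [];
  for (const token of ["'self'", ...parseProfileValue(currentValue), ...required]) {
    if (!merged.includes(token)) merged.push(token);
  }
  return merged.join(" "); // single-space separator
}

// Return the OGL origins still absent from a saved value (empty = done).
function missingOglOrigins(currentValue, region) {
  const required = OGL_ORIGINS[region];
  if (!required) throw new Error(`Unknown region: ${region}`);
  const present = new Set(parseProfileValue(currentValue));
  return required.filter((origin) => !present.has(origin));
}

// Constructed sample: an existing value with an organization-specific URL.
const existing = "\u2018self\u2019 https://xyz.com";
console.log(mergeAllowedOrigins(existing, "EMEA"));
console.log(missingOglOrigins(existing, "EMEA"));
```

The functions have no browser dependencies, so the block runs in Node.js or in the browser console used in the troubleshooting steps.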

CSP Error in Non-Fusion Applications

If you experience a CSP error in your non-Fusion application, contact your IT support team to ensure that OGL-related servers and services are whitelisted.