Open NicciZar opened 1 month ago
We've just updated to ThingWorx 9.6.1 and also noticed this problem coming from 9.3.9.
It can be solved by adding following Content Security Policy Rules
(configurable in PlatformSubsystem
):
font-src
https://cnd.jsdelivr.net/npm/script-src
https://cnd.jsdelivr.net/npm/worker-src
blob:You can manually Restart
the entity and after some minutes your environment should be using these modified rules (Shift + f5
).
Hope this helps 🤞
After updating to version ThingWorx 9.3.17-b2768 PTC enforces usage of their ContentSecurityPolicy found within PlatformSubsystem. It seems like the default settings makes it impossible for MonacoEditor to load the newComposer.bundle.js file.
CSP is a key security tool web browsers use to help secure against cross-site scripting (XSS), Clickjacking, and other data injection attacks. CSP works by injecting CSP headers from the ThingWorx Platform into the web browser to control what dynamic data and resources the browser can load and from what domains.
https://support.ptc.com/help/thingworx/platform/r9/en/#page/ThingWorx/Help/Composer/Security/ContentSecurityPolicy.html
It is configurable from within Thingworx but I am unsure which exact setting is the correct one.