How to set a Content-Security-Policy 'connect-src' directive for http header

After upgrading our Nomad server to v1.0.13 (running Domino v14.0FP1 on Linux 6.1.0-11-amd64), the Nomad client (v1.0.13.48-40) gets "Error 4839: Failed to make HTTP request" when executing NotesHTTPRequest.Get(url).

The browser console has the following error: <Refused to connect because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.>

I've tried setting a header rule for the internet site and restarting the server, but I still get the same message. The Content-Security-Policy in the browser response headers does NOT have a 'connect-src' directive set.

Any assistance with setting the connect-src directive in this policy would be really appreciated.

Thanks.

Hello Mario,

Please check the forum link below for a similar error message reported - "Error 4839: Failed to make HTTP request"

URL: https://support.hcltechsw.com/community?id=community_question&sys_id=45fcdd341bcd3518574121f7ec4bcb2d

Please check if it helps.

Regards,

Pramod

Thanks, Pramod.

That's what led me to check the browser console and the HTTP headers, and then to try adding the header rule for the Internet site, but I still got the error and the response headers are unchanged.

Hi Mario,

You can customize the Content-Security-Policy header (and other server response HTTP headers) via the nomad-config.yml file in your Domino data directory. The documentation is at https://help.hcl-software.com/nomad/1.0_admin/config_options.html under "Configuring optional HTTP headers".

The format should be the following in nomad-config.yml, where "Content-Security-Policy" is two spaces indented from "httpHeaders":

httpHeaders:
  Content-Security-Policy: "default-src 'self'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'; script-src-elem 'self' 'unsafe-inline'; style-src 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; img-src 'self' blob: data:; font-src 'self' data:; frame-src 'self'"

The above is the default value of Content-Security-Policy out-of-the-box. Directives are separated by semi-colon.

Further customization is required if your environment uses Nomad Federated Login with SAML. The doc page shows an example of using AWS as the SAML Provider, and adds the domain under the connect-src directive with the value:

connect-src 'self' data: https://*.amazonaws.com https://*.awsapps.com;

Changes to the CSP header may vary depending on your identity provider, but that config file should allow you to make changes. Once the changes are saved, you may restart the Nomad server task with the Domino console command: restart task nomad

Best Regards,
Daniel
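To check a policy before restarting the server, here is a small dry-run checker. It is an added example written for this thread, not code from HCL or from the Nomad product: it parses a CSP string as it would appear in nomad-config.yml, then answers whether a browser would let a fetch/XHR/WebSocket (which is what NotesHTTPRequest triggers on the client) reach a given URL, and which directive decided it. It reproduces the behaviour in the console message above: with no 'connect-src', 'default-src' governs. The page origin and target URLs below are constructed placeholders; the host-source matching is a simplified version of the CSP rules (path matching is prefix-based rather than segment-wise).

```python
"""Dry-run a Content-Security-Policy header against a connect-type request.

Added example, not part of the HCL thread or Nomad's own tooling.
"""
from urllib.parse import urlparse

DEFAULT_PORTS = {"http": 80, "https": 443, "ws": 80, "wss": 443}

# Nomad's out-of-the-box policy as quoted in the thread above.
NOMAD_DEFAULT_CSP = (
    "default-src 'self'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'; "
    "script-src-elem 'self' 'unsafe-inline'; style-src 'unsafe-inline'; "
    "style-src-elem 'self' 'unsafe-inline'; img-src 'self' blob: data:; "
    "font-src 'self' data:; frame-src 'self'"
)

# The same policy with the connect-src directive from the SAML/AWS example added.
NOMAD_CSP_WITH_CONNECT = (
    NOMAD_DEFAULT_CSP
    + "; connect-src 'self' data: https://*.amazonaws.com https://*.awsapps.com"
)


def parse_csp(header):
    """Split a serialized policy into {directive-name: [source expressions]}.

    Directives are separated by semicolons; if a name appears twice, the
    first occurrence wins (as browsers do).
    """
    policy = {}
    for raw in header.split(";"):
        tokens = raw.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def _effective_port(parsed):
    return parsed.port if parsed.port is not None else DEFAULT_PORTS.get(parsed.scheme)


def _scheme_matches(source_scheme, url_scheme):
    # An http/ws source also matches the secure upgrade of that scheme, never the reverse.
    upgrades = {"http": {"http", "https"}, "ws": {"ws", "wss"}}
    return url_scheme in upgrades.get(source_scheme, {source_scheme})


def source_matches(source, url, page_origin):
    """Does one source expression match `url`? `page_origin` resolves 'self'."""
    target, origin = urlparse(url), urlparse(page_origin)
    if source == "'self'":
        return (target.scheme == origin.scheme
                and target.hostname == origin.hostname
                and _effective_port(target) == _effective_port(origin))
    if source.startswith("'"):
        return False  # 'none', 'unsafe-inline', nonces and hashes never match a URL
    if source == "*":
        return target.scheme not in ("data", "blob", "filesystem")
    if source.endswith(":") and "/" not in source:
        return _scheme_matches(source[:-1].lower(), target.scheme)  # e.g. data:, https:
    # host-source: [scheme://]host[:port][/path]; a missing scheme means the page's scheme
    pat = urlparse(source if "://" in source else f"{origin.scheme}://{source}")
    if not _scheme_matches(pat.scheme, target.scheme):
        return False
    host, pat_host = (target.hostname or "").lower(), (pat.hostname or "").lower()
    if pat_host.startswith("*."):
        if not host.endswith(pat_host[1:]):  # "*.example.com" matches subdomains only
            return False
    elif host != pat_host:
        return False
    if pat.port is not None:
        if _effective_port(target) != pat.port:
            return False
    elif _effective_port(target) != DEFAULT_PORTS.get(target.scheme):
        return False
    if pat.path and pat.path != "/" and not target.path.startswith(pat.path):
        return False  # simplification: prefix match instead of segment-wise match
    return True


def connect_allowed(header, url, page_origin):
    """Return (allowed, governing_directive) for a connect-type request to `url`.

    connect-src is consulted first; if it is absent, default-src is the fallback,
    exactly as the browser console message in the question reports.
    """
    policy = parse_csp(header)
    for directive in ("connect-src", "default-src"):
        if directive in policy:
            allowed = any(source_matches(s, url, page_origin) for s in policy[directive])
            return allowed, directive
    return True, None  # neither directive present: CSP imposes no connect restriction


if __name__ == "__main__":
    origin = "https://nomad.example.com"     # constructed page origin
    idp = "https://sts.amazonaws.com/saml"   # constructed identity-provider endpoint
    for label, csp in (("default policy", NOMAD_DEFAULT_CSP),
                       ("with connect-src", NOMAD_CSP_WITH_CONNECT)):
        print(label, "->", connect_allowed(csp, idp, origin))
```

Run it against the exact string you intend to put in nomad-config.yml; if the result for your identity provider's URL is still `(False, 'default-src')`, the directive was not picked up (check the two-space indentation under `httpHeaders:`), and if it is `(False, 'connect-src')` the host or scheme in the source list does not cover the URL the client actually calls.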