We recently stood up a new ThingWorx 9.5.2 server and migrated our data from ThingWorx 9.3. When we select a Mashup and then Design the Preview does not load. We get a grey screen with a message that <servername> refused to connect. We do not see this issue in 9.3.
Solved! Go to Solution.
We figured out the issue. It was related to having “EnableContentSecurityPolicyFilter” set to true in the platform-settings.json file and not having the following lines uncommented in the the web.xml file under Thingworx/WEB-INF. We checked our ThingWorx 9.3 instance and those lines were uncommented, so we are not sure if this setting is commented out on new 9.5.2 installs or at some point we uncommented the lines on our 9.3 instance.
<filter>
<filter-name>ClickjackFilterAllowList</filter-name>
<filter-class>com.thingworx.security.filter.ClickjackFilter</filter-class>
<init-param>
<param-name>mode</param-name>
<param-value>ALLOWLIST</param-value>
</init-param>
<init-param>
<param-name>domains</param-name>
<param-value>http://example.com</param-value>
</init-param>
</filter>
What does the browser console say (F12)?
I receive "refused to display <URL> in a frame because it set 'X-Frame-Options' to 'deny'. I'm able to see the mashup if I select "View Mashup" and also if I Edit the mashup then the Design tab works. It only appears to be an issue when I select the Design tab not in Edit mode.
We figured out the issue. It was related to having “EnableContentSecurityPolicyFilter” set to true in the platform-settings.json file and not having the following lines uncommented in the the web.xml file under Thingworx/WEB-INF. We checked our ThingWorx 9.3 instance and those lines were uncommented, so we are not sure if this setting is commented out on new 9.5.2 installs or at some point we uncommented the lines on our 9.3 instance.
<filter>
<filter-name>ClickjackFilterAllowList</filter-name>
<filter-class>com.thingworx.security.filter.ClickjackFilter</filter-class>
<init-param>
<param-name>mode</param-name>
<param-value>ALLOWLIST</param-value>
</init-param>
<init-param>
<param-name>domains</param-name>
<param-value>http://example.com</param-value>
</init-param>
</filter>