Community Tip - Did you get an answer that solved your problem? Please mark it as an Accepted Solution so others with the same problem can find the answer easily. X
We recently stood up a new ThingWorx 9.5.2 server and migrated our data from ThingWorx 9.3. When we select a Mashup and then Design the Preview does not load. We get a grey screen with a message that <servername> refused to connect. We do not see this issue in 9.3.
Solved! Go to Solution.
We figured out the issue. It was related to having “EnableContentSecurityPolicyFilter” set to true in the platform-settings.json file and not having the following lines uncommented in the the web.xml file under Thingworx/WEB-INF. We checked our ThingWorx 9.3 instance and those lines were uncommented, so we are not sure if this setting is commented out on new 9.5.2 installs or at some point we uncommented the lines on our 9.3 instance.
<filter>
<filter-name>ClickjackFilterAllowList</filter-name>
<filter-class>com.thingworx.security.filter.ClickjackFilter</filter-class>
<init-param>
<param-name>mode</param-name>
<param-value>ALLOWLIST</param-value>
</init-param>
<init-param>
<param-name>domains</param-name>
<param-value>http://example.com</param-value>
</init-param>
</filter>
What does the browser console say (F12)?
I receive "refused to display <URL> in a frame because it set 'X-Frame-Options' to 'deny'. I'm able to see the mashup if I select "View Mashup" and also if I Edit the mashup then the Design tab works. It only appears to be an issue when I select the Design tab not in Edit mode.
We figured out the issue. It was related to having “EnableContentSecurityPolicyFilter” set to true in the platform-settings.json file and not having the following lines uncommented in the the web.xml file under Thingworx/WEB-INF. We checked our ThingWorx 9.3 instance and those lines were uncommented, so we are not sure if this setting is commented out on new 9.5.2 installs or at some point we uncommented the lines on our 9.3 instance.
<filter>
<filter-name>ClickjackFilterAllowList</filter-name>
<filter-class>com.thingworx.security.filter.ClickjackFilter</filter-class>
<init-param>
<param-name>mode</param-name>
<param-value>ALLOWLIST</param-value>
</init-param>
<init-param>
<param-name>domains</param-name>
<param-value>http://example.com</param-value>
</init-param>
</filter>