Nexeed
    • Introduction
    • User manual
      • General Descriptions
        • Fine-grained access control
        • Ticket Management Groups
      • Ticket Management
        • Filter options
        • Ticket details
        • Ticket archiving
        • Ticket anonymization
        • Notifications
        • Ticket escalation mapping
      • Maintenance status widget
    • Operations manual
      • Overview
      • System Architecture and Interfaces
      • System Requirements
        • tm/ticket-service
      • Migration from Previous Versions
        • Migration to 7.3.0+
        • Migration to 7.4.0+
        • Migration to 7.4.1+
        • Migration to 7.8.0+
        • Migration to 7.9.0+
        • Migration to 7.10.0+
        • Migration to 7.11.0+
        • Migration to 7.12.0+
        • Migration to 7.13.0+
        • Migration to 7.13.1+
        • Migration to 7.14.0+
        • Migration to 7.16.0+
        • Migration to 7.17.0+
        • Migration to 7.20.0+
      • Setup and Configuration
        • Setup
          • Installation guide
        • Recommendations
        • Helm Configuration
        • Ticket Management global variables
        • tm/ticket-service
        • Ticket Management IAS dependencies
      • Start and Shutdown
      • Regular Operations
      • Failure Handling
      • Backup and Restore
      • Logging and Monitoring
        • Module Health Verification Endpoints and K8S Probes
      • Known Limitations
        • Maximum 2100 parameter support of MSSQL can lead to query failure
        • Users from different tenants can have issues when calling MACMA/MDM concurrently
        • Lost messages of Notification service if maximum retry is exceeded
    • Developer documentation
      • Getting Started
      • How-Tos
        • Domain Context Registration
        • Integrating Ticket Management Views
      • Failure Handling
        • Embedded View Blocked by Content Security Policy (CSP)
    • API documentation
      • HTTP API
    • Glossary
Ticket Management
  • Industrial Application System
  • Core Services
    • Block Management
    • Deviation Processor
    • ID Builder
    • Multitenant Access Control
    • Notification Service
    • Ticket Management
    • Web Portal
  • Shopfloor Management
    • Andon Live
    • Global Production Overview
    • KPI Reporting
    • Operational Routines
    • Shift Book
    • Shopfloor Management Administration
  • Product & Quality
    • Product Setup Management
    • Part Traceability
    • Process Quality
    • Setup Specs
  • Execution
    • Line Control
    • Material Management
    • Order Management
    • Packaging Control
    • Rework Control
  • Intralogistics
    • AGV Control Center
    • Stock Management
    • Transport Management
  • Machine & Equipment
    • Condition Monitoring
    • Device Portal
    • Maintenance Management
    • Tool Management
  • Enterprise & Shopfloor Integration
    • Archiving Bridge
    • Data Publisher
    • Direct Data Link
    • Engineering UI
    • ERP Connectivity
    • Gateway
    • Information Router
    • Master Data Management
    • Orchestrator

Nexeed Learning Portal
  • Ticket Management
  • Developer documentation
  • Failure Handling
  • Embedded View Blocked by Content Security Policy (CSP)

Embedded View Blocked by Content Security Policy (CSP)

An application’s Content Security Policy (CSP) can prevent an external view, such as one from TM, from being embedded in an e.g. <iframe>.

Symptom

When attempting to embed a TM view, the <iframe> may appear empty or show a browser error. The browser’s developer console will show a Content-Security-Policy error indicating that framing the external URL is not allowed.

Cause

The Content-Security-Policy HTTP response header is a security measure that controls which resources a browser is permitted to load. The frame-src directive within this policy restricts the origins that can be embedded in frames. If the TM view’s origin is not listed in the frame-src directive, the browser will block it.

Solution

To resolve this issue, you must update your application’s Content-Security-Policy HTTP header. Add the origin of the TM service to the frame-src directive. This change allows the browser to frame and display content from the specified TM origin.

Contents

© Robert Bosch Manufacturing Solutions GmbH 2023-2025, all rights reserved

Changelog Corporate information Legal notice Data protection notice Third party licenses