SecurID prompt does not appear using Chrome and Firefox after adding a Security Policy on RSA Agent 8.0.3 for Apache web server
Originally Published: 2020-10-16
Article Number
Applies To
RSA Product/Service Type: Authentication Agent for Web
RSA Version/Condition: 8.0.1 for Apache Web Server
Platform: Linux
O/S Version: Red Hat Linux 7.3
Issue
Header always set Content-Security-Policy "script-src 'self'; object-src 'self'" and user launches the Token Authentication page in Chrome or Mozilla, the page is blank with below error reported in the browser:
Refused to evaluate a string as JavaScript because 'unsafe-inline' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'". and relaxing the unsafe-inline policy as below able to go to the authentication page,
Header always set Content-Security-Policy "script-src 'self' 'unsafe-inline'; object-src 'self'"
but after entering the token credentials and submit, again error occurs stating to allow unsafe-eval,. Below is the error in console:
Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
Cause
Resolution
Related Articles
Axis 1.4 daylight saving bug concern Number of Views How to set user RADIUS profile to include Cisco vendor-specific DNS servers (primary and secondary) Number of Views SecurID: How to create node secret for clustered web server in RSA Authentication Manager Number of Views Manage the Node Secret Number of Views Remote Desktop Protocol Vulnerability MS12-020 Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.9 Release Notes (January 2026) Artifacts to gather in RSA Identity Governance & Lifecycle RSA Governance & Lifecycle 8.0.0 Administrators Guide RSA Governance & Lifecycle 8.0.0 Installation Guide
Don't see what you're looking for?
