Disabling a set of features that are blocked by a CSP
If your company uses a Content Security Policy (CSP) that blocks eval(),
Function(), and inline JavaScript processes, some Cognos Analytics features are
negatively impacted to different degrees.
In this situation, you must disable a set of impacted features to improve the user experience.
A CSP blocks features by restricting the use of unsafe CSP directives. For more information, see Content Security Policy (CSP).
If the unsafe directives do not appear in a CSP, some Cognos Analytics features are affected more than others, regardless of whether you disabled them or kept them enabled. However, by disabling the blocked features, you improve the user experience:
- If you do not disable the CSP-blocked features, users unexpectedly see broken web pages
and may be confused by error messages, such as
these:
- If you disable the CSP-blocked features and a user tries to use one of them, they receive a
message that the feature is unavailable.
For example, a user tries to open a legacy report that was created many years ago in a now-unsupported version of Cognos. Cognos Analytics tries to open the report in the Classic Viewer, as it was originally designed. However, the classic viewer is one of the components that you disabled, so the following message appears:
The classic viewer is not available with your current server configuration. Contact your administrator.
Before you begin
Procedure
- Click the enabled toggle icon
next to Allow features that require eval() or
Function(). The property is disabled. - Click the enabled toggle icon next to Allow features that require inline
JavaScript. The property is disabled.
Results
The Cognos Analytics legacy features that you disabled are not available to users.If a user tries to open use of these features, they will see a message that the component is unavailable.