IBM Support

PH53192: THE /API/EXPLORER URL FROM OPENAPI-3.0 DOES NOT RETURN CONTENT-SECURITY-POLICY HEADER

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • When requests are sent to /api/explorer, the response does not
    return the Content-Security-Policy header.  The URL
    /api/explorer is part of the openapi-3.0 feature.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server                                      *
    *                  Liberty Core                                *
    ****************************************************************
    * PROBLEM DESCRIPTION: Add Content-Security-Policy to          *
    *                      MicroProfile OpenAPI and API Discovery  *
    *                      UI                                      *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Add CSP header to limit source locations from where MicroProfile
    OpenAPI and API Discovery UI can fetch the displayed content
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    PH53192

  • Reported component name

    WAS LIBERTY COR

  • Reported component ID

    5725L2900

  • Reported release

    CD0

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2023-03-13

  • Closed date

    2023-06-22

  • Last modified date

    2023-06-22

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WAS LIBERTY COR

  • Fixed component ID

    5725L2900

Applicable component levels

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSD28V","label":"WebSphere Application Server Liberty Core"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"CD0","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
22 June 2023