APAR status
Closed as program error.
Error description
When requests are sent to /api/explorer, the response does not return the Content-Security-Policy header. The URL /api/explorer is part of the openapi-3.0 feature.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM WebSphere Application * * Server * * Liberty Core * **************************************************************** * PROBLEM DESCRIPTION: Add Content-Security-Policy to * * MicroProfile OpenAPI and API Discovery * * UI * **************************************************************** * RECOMMENDATION: * **************************************************************** Add CSP header to limit source locations from where MicroProfile OpenAPI and API Discovery UI can fetch the displayed content
Problem conclusion
The fix for this APAR is targeted for inclusion in fix pack 23.0.0.6. For more information, see 'Recommended Updates for WebSphere Application Server': https://www.ibm.com/support/pages/node/715553
Temporary fix
Comments
APAR Information
APAR number
PH53192
Reported component name
WAS LIBERTY COR
Reported component ID
5725L2900
Reported release
CD0
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2023-03-13
Closed date
2023-06-22
Last modified date
2023-06-22
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WAS LIBERTY COR
Fixed component ID
5725L2900
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSD28V","label":"WebSphere Application Server Liberty Core"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"CD0","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
22 June 2023