Enable and Disable the Content Security Filter (CSP)
The CSP filter is supported in the following versions:
• 9.3.15
• 9.4.5
• 9.5.1
New Installation with the CSP Filter Enabled — Docker Compose
Set or update ENABLE_CONTENT_SECURITY_POLICY_FILTER to False under the ThingWorx Platform service in the docker-compose.yml file.
This setting is supported for PostgreSQL, Azure SQL, and Microsoft SQL Server configurations.
Update the required files and build.env variables from Setting Up ThingWorx Docker Builds.
Variable Name | Values | Defaults | Comments
ENABLE_CONTENT_SECURITY_POLICY_FILTER | True/False | False | Enable/Disable CSP filter
CSP will be disabled in the new installation if the above environment variable is not set or the value is specifically set to False.
Upgrade ThingWorx to Versions that Support CSP
Upgrade ThingWorx with CSP Disabled
1. Back up the mounted web.xml from the previous deployment.
3. Set or update the ENABLE_CONTENT_SECURITY_POLICY_FILTER environment variable to False under the ThingWorx Platform service in the docker-compose.yml file.
4. Mount the new web.xml.
5. Stop the Platform container.
6. Follow the steps below to restore the Clickjack Filter configurations:
a. Copy the Clickjack Filter configurations from the backup web.xml file.
b. Paste the Clickjack Filter configurations into the newly mounted web.xml file.
7. Set or update the ENABLE_CONTENT_SECURITY_POLICY_FILTER to False under the ThingWorx Platform service in the docker-compose.yml file.
8. Restart the Platform container.
Upgrade ThingWorx with CSP Enabled
1. Back up the mounted web.xml from the previous deployment.
3. Set or update the ENABLE_CONTENT_SECURITY_POLICY_FILTER environment variable to False under the ThingWorx Platform service in the docker-compose.yml file.
4. Mount the new web.xml.
5. Stop the Platform container.
6. Follow the steps below to restore the Clickjack Filter configurations:
a. Copy the Clickjack Filter configurations from the backup web.xml file.
b. Paste the Clickjack Filter configurations into the newly mounted web.xml file.
7. Set or update the ENABLE_CONTENT_SECURITY_POLICY_FILTER to True under the ThingWorx Platform service in the docker-compose.yml file.
8. Restart the Platform container.
Note the following:
• Do not replace the web.xml file with the older version. Copy the configurations manually from the backup file to the new web.xml file.
• ThingWorx will upgrade with the CSP filter disabled if the ENABLE_CONTENT_SECURITY_POLICY_FILTER environment variable flag is not specified or set to False explicitly.
• Clickjack Filter settings are migrated to CSP only when this flag is set to True, and Clickjack Filter settings are restored into the new web.xml file.
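A check for step 6 of the upgrade procedures above, as an added example (not PTC tooling): it compares the backup and the newly mounted web.xml and reports any active Clickjack filter or filter-mapping that was not copied across. Matching on "clickjack" in filter-name or filter-class is an assumption, and the sample XML (filter name, class, init-param, namespaces) is constructed.

```python
import sys
import xml.etree.ElementTree as ET

def _local(tag):
    # Drop an XML namespace prefix: "{http://...}filter" -> "filter"
    return tag.rsplit("}", 1)[-1]

def _canon(elem):
    # Namespace- and whitespace-insensitive form of an element, for comparison
    return (_local(elem.tag), (elem.text or "").strip(),
            tuple(_canon(child) for child in elem))

def clickjack_entries(web_xml):
    """Active <filter>/<filter-mapping> entries that mention 'clickjack'.
    The parser drops XML comments, so commented-out filters are ignored."""
    found = set()
    for elem in ET.fromstring(web_xml):
        if _local(elem.tag) not in ("filter", "filter-mapping"):
            continue
        names = [(c.text or "") for c in elem
                 if _local(c.tag) in ("filter-name", "filter-class")]
        if any("clickjack" in n.lower() for n in names):
            found.add(_canon(elem))
    return found

def missing_after_restore(backup_xml, new_xml):
    """Clickjack entries present in the backup web.xml but absent from the new one."""
    return sorted(clickjack_entries(backup_xml) - clickjack_entries(new_xml))

# Constructed sample input; filter name, class and init-param are placeholders.
CLICKJACK = """
  <filter>
    <filter-name>ClickjackFilterSameOrigin</filter-name>
    <filter-class>example.ClickjackFilter</filter-class>
    <init-param><param-name>mode</param-name><param-value>SAMEORIGIN</param-value></init-param>
  </filter>
  <filter-mapping>
    <filter-name>ClickjackFilterSameOrigin</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>"""
BACKUP = "<web-app xmlns='urn:example:old'>" + CLICKJACK + "</web-app>"
NEW_UNRESTORED = "<web-app xmlns='urn:example:new'><!--" + CLICKJACK + "--></web-app>"
NEW_RESTORED = "<web-app xmlns='urn:example:new'>" + CLICKJACK + "</web-app>"

if __name__ == "__main__":
    backup, new = (open(p, "rb").read() for p in sys.argv[1:3])
    gaps = missing_after_restore(backup, new)
    for entry in gaps:
        print("not restored:", entry[0], dict(c[:2] for c in entry[2]).get("filter-name"))
    sys.exit(1 if gaps else 0)
```

Run it with the backup web.xml and the newly mounted web.xml as the two arguments before restarting the Platform container; a non-zero exit means at least one Clickjack entry from the backup is not active in the new file.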
Enable/Disable CSP on an Existing Environment
To enable or disable CSP on an existing environment, perform the following steps:
1. Set or update the ENABLE_CONTENT_SECURITY_POLICY_FILTER environment variable to True under the ThingWorx Platform service in the docker-compose.yml file.
2. Restart the Platform container.
At ThingWorx startup, the ClickjackFilter configurations from the web.xml file are automatically migrated to CSP if all of the following conditions are satisfied:
• The CSP is turned on.
• The Clickjack Filter has been configured in the web.xml file.
• The CSP filter is not already configured by a ThingWorx admin in ThingWorx Composer.