Troubleshooting information

The following information addresses technical situations that you might encounter after setting up the ID DataWeb Integration Kit.

Situation Information

Situation	Information
Using ID DataWeb with PingFederate 11.3 results in the following error: `Refused to load the script 'https://content.maxconnector.com/fp/tags.js?org_id=716kkpe1&api_key=bvrbl1ev61nw7zq7&pageid=verify&session_id=577fa681-da3d-45e0-b982-6fa0841cc2bd' because it violates the following Content Security Policy directive: "script-src 'self' 'nonce-sJyOa0AjeQgjsZDh'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.`	Update the HTML form template in `$PF_HOME/server/default/conf/templates`. HTML pages implementing ContentSecurityPolicy restrictions might require updating the `script-src` and `image-src` CSP settings when adding the `id_dataweb_device_profiling` JavaScript file to the page. Update `script-src` and `img-src` to include the `https://content.maxconnector.com` and `.online-metrix.net` host names. For example, PingFederate 11.3 has updated default templates with strict CSP settings. To use the `id_dataweb_device_profiling` JavaScript file with PingFederate 11.3 default templates, update the following line in the template’s CSP settings: <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'nonce-$CSPNonce'; style-src 'self'; img-src 'self'; font-src 'self';" /> Updated line: <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline' https://content.maxconnector.com .online-metrix.net; style-src 'self'; img-src 'self' https://content.maxconnector.com *.online-metrix.net; font-src 'self';" />

Using ID DataWeb with PingFederate 11.3 results in the following error:

Refused to load the script 'https://content.maxconnector.com/fp/tags.js?org_id=716kkpe1&api_key=bvrbl1ev61nw7zq7&pageid=verify&session_id=577fa681-da3d-45e0-b982-6fa0841cc2bd' because it violates the following Content Security Policy directive: "script-src 'self' 'nonce-sJyOa0AjeQgjsZDh'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Update the HTML form template in $PF_HOME/server/default/conf/templates.

HTML pages implementing ContentSecurityPolicy restrictions might require updating the script-src and image-src CSP settings when adding the id_dataweb_device_profiling JavaScript file to the page. Update script-src and img-src to include the https://content.maxconnector.com and *.online-metrix.net host names.

For example, PingFederate 11.3 has updated default templates with strict CSP settings. To use the id_dataweb_device_profiling JavaScript file with PingFederate 11.3 default templates, update the following line in the template’s CSP settings:

<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'nonce-$CSPNonce'; style-src 'self'; img-src 'self'; font-src 'self';" />

Updated line:

<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline' https://content.maxconnector.com *.online-metrix.net; style-src 'self'; img-src 'self' https://content.maxconnector.com *.online-metrix.net; font-src 'self';" />