Troubleshooting information

The following information addresses technical situations you might encounter after setting up the iovation Integration Kit:

Situation Recommendation

Situation	Recommendation
Using iovation with PingFederate 11.3 results in the following error: `iovation_device_profiling.js:5 Refused to load the script 'https://mpsnare.iesnare.com/general5/xz1wcI_mlev7ZyvfJj94rYhbKk9av1rsH3sDg5_JGsQ/wdp.js?loaderVer=5.2.2&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false' because it violates the following Content Security Policy directive: "script-src 'self' 'nonce-6Uzh6NlXESurUeLj'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.`	Update the HTML form template in `$PF_HOME/server/default/conf/templates`. HTML pages implementing ContentSecurityPolicy restrictions might require updates to the `script-src` and `image-src` CSP settings when adding the `iovation_device_profiling` JavaScript file to the page. Update `script-src` and `img-src` to include the `https://mpsnare.iesnare.com` host name. For example, PingFederate 11.3 has default templates with strict CSP settings. To use the `iovation_device_profiling` JavaScript file with the default templates, update the following line in the template’s CSP settings: <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'nonce-$CSPNonce'; style-src 'self'; img-src 'self'; font-src 'self';" /> Updated line: <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline' https://mpsnare.iesnare.com; style-src 'self'; img-src 'self' https://mpsnare.iesnare.com; font-src 'self';" />

Using iovation with PingFederate 11.3 results in the following error:

iovation_device_profiling.js:5 Refused to load the script 'https://mpsnare.iesnare.com/general5/xz1wcI_mlev7ZyvfJj94rYhbKk9av1rsH3sDg5_JGsQ/wdp.js?loaderVer=5.2.2&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false' because it violates the following Content Security Policy directive: "script-src 'self' 'nonce-6Uzh6NlXESurUeLj'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Update the HTML form template in $PF_HOME/server/default/conf/templates.

HTML pages implementing ContentSecurityPolicy restrictions might require updates to the script-src and image-src CSP settings when adding the iovation_device_profiling JavaScript file to the page. Update script-src and img-src to include the https://mpsnare.iesnare.com host name.

For example, PingFederate 11.3 has default templates with strict CSP settings. To use the iovation_device_profiling JavaScript file with the default templates, update the following line in the template’s CSP settings:

<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'nonce-$CSPNonce'; style-src 'self'; img-src 'self'; font-src 'self';" />

Updated line:

<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline' https://mpsnare.iesnare.com; style-src 'self'; img-src 'self' https://mpsnare.iesnare.com; font-src 'self';" />