SAP Knowledge Base Article - Public

3059141 - Content-Security-Policy (CSP) configurations not saving


When attempting to modify CSPheader configurations in WEB_SECURITY property file, the configurations that are added/modified are removed when applying the changes.


SAP SuccessFactors Learning 1H 2021

Reproducing the Issue

  1. Access Learning Administration
  2. Go to System Administration > Configuration > System Configuration > WEB_SECURITY
  3. Add CSPheader.excludeURI[#]=[URL] and/or CSPheader.headerValues[frame-src]=
  4. Apply Changes
  5. Check to see if configurations were saved but were not saved


This is being investigated by the Engineering team via LRN-113234. We will be updating this article as more information is available. You can favorite (star) the KBA to get notifications on updates.


Content, Security, Header, Policy, WEB_SECURITY, save, removed, not, saving, updating, update,  , KBA , LOD-SF-LMS-ADM , System Admin, Global Variables, References , Bug Filed


SAP SuccessFactors Learning 2105