Skip to main content

Known Issue

 Aiswarya Sudhakar (AiswaryaSudhakar)
MOD
Principal Knowledge Management Specialist
Pegasystems Inc.
IN
AiswaryaSudhakar Member since 2021 31 posts
MOD
Posted: 1 day 1 hour ago
Last activity: 1 day 1 hour ago
Posted: 10 Mar 2025 12:43 EDT
Last activity: 10 Mar 2025 12:43 EDT

Blank screen on opening web portal in Constellation

Issue

On opening the web portal of Constellation application, a blank screen is displayed.

Symptoms and Impact

The following screenshot shows the console errors when the issue occurs:

error console when blank screen appears

 

Steps to reproduce

  1. Create a Constellation application.
  2. Configure the DSS ConstellationPegaStaticURL with the value: https://release.constellation.pega.com:
  3. Configure the Content Security Policy (CSP) of Constellation application in its application definition rule and select the option Reject and Report.
  4. Launch the web portal.

Root cause

This behavior is consistent with the current design of Pega code or rules.
When a website attempts to load a resource, such as a script, image or stylesheet, that is not explicitly allowed by its Content Security Policy (CSP), a CSP error occurs. This means the browser blocks the resource due to the security restrictions set by the website owner, causing an error message in the developer console.

In a Constellation application, this issue occurs when the CSP is explicitly set to Reject and Report in Application rule (as shown in the following screenshot).

root cause for blank screen in web portal

In the DSS ConstellationPegaStaticURL, https://release.constellation.pega.com is being used. This URL domain is different from the platform domain.  As a result, the CSP interprets the resource from the unexpected domain as a violation of its rules, leading to a CSP error.

Solution

To avoid CSP errors, perform the following steps to add the ConstellationPegaStaticURL value to the trusted URLs:

  1. Perform a SaveAs of an OOTB CSP rule to custom ruleset and make the following changes in the CSP rule.
    1. In the Image-Source dialog box, select the checkbox for Self. In the Allowed Websites field, add the ConstellationPegaStaticURL value. Refer to the following image:
      solution for blank screen on web portal of constellation
    2. In the Script-Source dialog box, select the checkbox for Self. In the Allowed Websites field, add the ConstellationPegaStaticURL value.
    3. In Style-Source dialog box, select the checkbox for Self. In the Allowed Websites field, add the ConstellationPegaStaticURL value.
    4. In Connect-Source dialog box, select the checkbox for Self. In the Allowed Websites field, add the ConstellationPegaStaticURL value.
Note: Unlike the traditional UI, Constellation does not require the use of unsafe-eval or unsafe-inline in script-src and style-src.

Environment

All Pega PlatformTM versions.

References

 

To see attachments, please log in.
Pega Platform 8.8.5
Pega Platform 8.8.4
Pega Platform 8.8.3
Pega Platform 8.8.2
Pega Platform 8.8.1
Pega Platform 8.8
Pega Platform 24.2.1
Pega Platform 23.1.4
Pega Platform '24.2
Pega Platform '24.1.2
Pega Platform '24.1.1
Pega Platform '24.1
Pega Platform '24
Pega Platform '23.1.3
Pega Platform '23.1.2
Pega Platform '23.1.1
Pega Platform '23
Pega Platform
Security
Found in Version header: Pega Platform 8.8.5, Pega Platform 8.8.4, Pega Platform 8.8.3, Pega Platform 8.8.2, Pega Platform 8.8.1, Pega Platform 8.8, Pega Platform 24.2.1, Pega Platform 23.1.4, Pega Platform '24.2, Pega Platform '24.1.2, Pega Platform '24.1.1, Pega Platform '24.1, Pega Platform '24, Pega Platform '23.1.3, Pega Platform '23.1.2, Pega Platform '23.1.1, Pega Platform '23

Did you find this content helpful?
Yes
No

  • Reply

Related content:

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice