For hosted customers please raise a new case online and reference the title of this article.
These instructions are designed for IT teams, so you may need to pass this on to your local team.
Update the Content-Security-Policy in Apache to allow the iframe content i.e. https://prof.dorsetcarerecord.nhs.uk/
The Apache Content Security Policy will be configured in either the ssl.conf or httpd.conf file on the Mosaic app server. For Redhat, the file locations will usually be /etc/httpd/conf.d/ssl.conf or /etc/httpd/conf/httpd.conf
Please see below working example, bold indicates the require change:
Header set Content-Security-Policy: "default-src 'self' data: ; \
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com ; \
object-src 'self' ; style-src 'self' https://fonts.googleapis.com https://ajax.googleapis.com data: 'unsafe-inline' ; \
img-src 'self' https://ajax.googleapis.com data: ; \
media-src 'self' data: ; \
frame-src 'self' https://prof.dorsetcarerecord.nhs.uk data: mailto: ; \
font-src 'self' https://fonts.gstatic.com data: ; \
connect-src 'self' data: "
Restart Apache for the change to take effect. Please see instructions below.
apachectl stop
apachectl start