CA AXA not receiving app session metrics from Firefox browser

Document ID : KB000120715
Last Modified Date : 21/11/2018
Show Technical Document Details
Issue:
A monitored application for which snippet injection has been implemented AXA is able to receive app session metrics from a Chrome browser but not from a Firefox browser. If execute a static page with the same snippet injection AXA does see app session metrics from the Firefox browser.
Environment:
CA AXA
Firefox browser
Cause:
During a Firefox debugging session determined from the Console Logging tab that snippet injection was failing due to the Content Security Policy i.e.
Content Security Policy:
The page’s settings blocked the loading of a resource at https://collector-axa.cloud.ca.com//api/1/urn:ca:tenantId:.../urn:ca:appId:...t/bajs?agent=browser (“default-src https://appserver_hostname 'unsafe-inline' 'unsafe-eval'”). 
Resolution:
1. The AXA web site https://collector-axa.cloud.ca.com was already added as exception under Firefox Options -> Security -> Exceptions. 
2. Also disabling the content check completely ("Block dangerous and deceptive content") also did not help.
3. After web search found this option to disable Firefox Content Security Policy (CSP)
https://discourse.mozilla.org/t/content-security-policy-the-pages-settings-blocked-the-loading-of-a-resource-at-self-script-src-moz-extension-3bac9b32-3742-477f-aace-3a5be74f3863/10362/10 
Enter "about:config" in Firefox navigation bar 
Double click on security.csp.enable to toggle it from true to false 
That change allowed the snippet injection to be successful from Firefox browser and app session metrics appeared in AXA
Additional Information:
The scenario was found using AXA SaaS (DXI) but could equally occur for an on-premise AXA install.