This article is intended for Citrix administrators and technical teams only.
Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information.
 

Users get error when accessing Citrix environment using StoreFront 2.x  and HTML5 Receiver 1.3 on Chrome v40 and later.
In browser console logs you may see an error like the following:
Refused to create a child context containing 'https://citrix.domain.com/Citrix/Web/clients/HTML5Client/src/Business/IcaClient11231703102013WM0.js' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'child-src' was not explicitly set, so 'default-src' is used as a fallback.

1. If using StoreFront 2.5 upgrade the Receiver for HTML5 to the latest version.
   See Citrix Downloads for latest - Receiver for HTML5 1.5.

2. If using StoreFront 2.1 upgrade to StoreFront 2.6. See Citrix Downloads for latest - StoreFront

This workaround can be used to let Receiver function until StoreFront/HTML5 is upgraded in your environment.

1. Edit SessionWindow.html file at "C:\Program Files\Citrix\Receiver StoreFront\HTML5Client\src\SessionWindow.html"

2. Find <meta http-equiv="content-security-policy" content="default-src 'none';

3. Add child-src directive <meta http-equiv="content-security-policy" content="default-src 'none'; child-src 'self';

Problem Cause

In Google Chrome 40 there is a change related to Content Security Policy Level 2 which breaks the connection if you are using Receiver for HTML5 1.3.