Table of Contents
Issue
Recently I saw quite a few broken HTML5 Workspace Sessions, when trying to connect via Citrix Gateway (using internal directly HTML5 to Secure ICA is working fine) after updating the Site to 1912 LTSR CU5 or 2203 LTSR CU1. NetScaler is on different builds on 12.1 or 13.0 – doesn’t matter.
I tried different latest HTML5 Workspace App versions on StoreFront, as the old one like 20.10.0.4135 was working fine, newer builds never will connect. When starting a HTML5 Session via Citrix Gateway, it starts spinning up and stuck forever.
When using Internet Explorer 11 it is working fine, so it looked like an issue with modern browsers.
Solution
Together with Citrix Support we were able to identity the issue. The latest HTML5 Workspace Versions introduced certain Javascript code, which is breaking the legacy CVPN (CVPN V1).
The solution is to use and enable Advanced CVPN (-> Advanced Clientless VPN Mode) in your Citrix Gateway Session Profile.
Make sure that the following two settings are enabled. After changing these settings and relogin to your Citrix Gateway, modern browsers like MS Edge / Chrome / Firefox / Safari will work with HTML5, again. Even Internet Explorer 11 will continue to work.
Summary
I hope this Quickpost will save you some time troubleshooting HTML5 connection issues with Citrix Gateway.
Hi Julian,
I have tried this out the HTML light version which most our people rely on – we have an issue with the same problem as described above. For weeks and for the life of me I cant fix this problem for our users we are having to resort to ICA file download and receiver mode instead.
The HTML code refers to Content-Security-Policy: Couldn’t parse invalid host ‘wasm-eval’ and lots more blocked code ,this happened in May suddenly and hasnt worked for us since even with citrix support!!
It works in safari as it ignores the CSPolicy and we are using ADCs @13.0
I have tried your method with no avail.
Can you help?
Hi Ryu,
are there any Rewrite policies bound to your NSGW where Securityheader’s like Content-Security-Policy are configured? If so, can you please share these policies to check further?