A SAS® Stored Process works in the Internet Explorer browser but fails in Google Chrome or Microsoft Edge


If you have a SAS Stored Process that runs in Internet Explorer but fails on Chrome or Edge, that problem might be caused by a new Content-Security-Policy header for the SAS® Web Server. The header is meant to reduce the risk of cross-site scripting attacks, and it was added for the SAS® 9.4M5 (TS1M5) maintenance release. 

To resolve this issue, take the following steps.

  1. Open the web browser's developer tools and check the Console tab for an error similar to the following: 

do:1 Refused to load the script 'https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'default-src' is used as a fallback. 


This example error shows that the browser blocked a script from the ajax.googleapis.com site because that site is not an allowed source under the Content Security Policy restrictions.  

  2. Add the URL that is listed within the error message to the sas.conf file. The sas.conf file can be found in the following location: C:\SAS-configuration-directory\LevN\Web\WebServer\conf

    Here is an example of where to add the URL within the sas.conf file: 

Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com/ ; img-src * data: blob:;  frame-src * blob: data: mailto:; child-src * blob: data: mailto:; font-src * data:;" 

  3. Restart the SAS Web Server for the changes to take effect.
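
The steps above can be scripted. The following Python sketch is an added example, not SAS code: it parses the console error, extracts the blocked origin and the violated directive, and builds the updated `Header set` line. The function names are hypothetical, and it adds only the exact origin from the error (`https://ajax.googleapis.com`), which allows fewer hosts than the `https://*.googleapis.com/` wildcard shown in the sas.conf example.

```python
import re
from urllib.parse import urlsplit

# Constructed inputs: the console error quoted on this page, and its sas.conf header
# value with the googleapis source removed (assumed to be the pre-change policy).
CONSOLE_ERROR = (
    "do:1 Refused to load the script "
    "'https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js' "
    "because it violates the following Content Security Policy directive: "
    "\"default-src 'self' 'unsafe-inline' 'unsafe-eval'\"."
)
CURRENT_POLICY = (
    "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; "
    "frame-src * blob: data: mailto:; child-src * blob: data: mailto:; font-src * data:;"
)

VIOLATION = re.compile(
    r"Refused to load the [\w-]+ '(?P<url>[^']+)' because it violates the following "
    r"Content Security Policy directive: \"(?P<directive>[a-z-]+)[ \"]"
)

def parse_violation(message):
    """Return (origin, directive) for a Chrome/Edge 'Refused to load' console error."""
    m = VIOLATION.search(message)
    if not m:
        raise ValueError("not a CSP 'Refused to load' message")
    parts = urlsplit(m.group("url"))
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("blocked resource is not an http(s) URL")
    return f"{parts.scheme}://{parts.netloc}", m.group("directive")

def add_source(policy, directive, origin):
    """Append origin to one directive; leave the policy unchanged if already listed."""
    directives = [d.split() for d in policy.split(";") if d.strip()]
    for tokens in directives:
        if tokens[0] == directive:
            if origin not in tokens[1:]:
                tokens.append(origin)
            break
    else:
        raise ValueError(f"directive {directive!r} is not in the policy")
    return "; ".join(" ".join(t) for t in directives) + ";"

def header_line(message, policy):
    """Build the 'Header set' line for sas.conf from a console error and the policy."""
    origin, directive = parse_violation(message)
    return f'Header set Content-Security-Policy "{add_source(policy, directive, origin)}"'

if __name__ == "__main__":
    print(header_line(CONSOLE_ERROR, CURRENT_POLICY))
```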

SAS KB0036430, "Using the web browser developer tools to investigate issues in SAS® Web Applications," discusses how to save the information that is collected from turning on the developer tool.