Overview
When using Newired with Siemens Polarion ALM, several Site Settings need to be configured to ensure reliable element detection, correct Journey navigation, and stable overlay behavior. This article describes the recommended standard configuration for a Polarion-based site in the Newired Portal.
These settings are applied at the Site level and should be reviewed when creating a new Polarion site or when Journeys are experiencing element detection or navigation issues.
How to access Site Settings
- Log in to the Newired Portal.
- Select the Site that is connected to your Polarion instance.
- Click on the Settings tab in the top navigation bar.
- Select the Site Settings sub-tab.
Recommended configuration
Rules for excluding Element IDs
Polarion generates many element IDs dynamically (for example, IDs prefixed with DOM_ or composed of alphanumeric strings that change on each page load). Trusting these IDs without exception would cause Journey steps to fail to locate the correct element after a reload.
Recommended setting: Trust the Element ID with these exceptions
Add the following patterns to the exceptions list:
Pattern | Reason |
DOM_.* | Excludes auto-generated DOM IDs that are not stable |
[A-Z_0-9]* | Excludes uppercase alphanumeric IDs that are typically generated dynamically in Polarion |
Note: These are regular expression patterns. The .* notation means "any characters following the prefix". If your Polarion environment uses additional dynamic ID patterns, ask your IT administrator to identify them and add them here.
Rules for excluding Element classes
Similarly, Polarion uses dynamic CSS class names (such as GEF.* classes used by the GEF/Eclipse-based UI framework) that change across sessions or page renders.
Recommended setting: Trust the Element classes with these exceptions
Add the following patterns to the exceptions list:
Pattern | Reason |
GEF.* | Excludes GEF framework classes which are dynamic in Polarion's UI layer |
[A-Z_0-9]* | Excludes other dynamically assigned uppercase class names |
Tip: To learn more about how element class exclusion works, see Selector precision: Ignoring classes.
Element search attempts
Because Polarion is a complex web application that renders UI elements asynchronously, Newired may need extra time to locate page elements before a Journey step can attach to them.
Recommended settings:
Setting | Recommended value |
Element search attempts count | 5 |
Element search attempts interval | 500 milliseconds |
Automatically detect page changes | Enabled (ON) |
These values give the overlay up to 2.5 seconds (5 × 500 ms) to locate an element before reporting a detection failure. Enabling Automatically detect page changes ensures that single-page navigation within Polarion is correctly tracked.
If Journeys still fail to find elements consistently, consider increasing the attempts count to 8–10 or the interval to 800–1000 ms. See also Fine-tuning the Step Element Detection.
Journey Step URL — Step URL auto fill
Recommended setting: Disabled (OFF)
Polarion URLs can include dynamic project identifiers and hash-based routing. Enabling auto fill may capture URLs that are too specific and cause Journeys to fail when launched from a different project context.
Leave this toggle off and define step URLs manually during Journey authoring.
Relative URLs
Polarion is typically deployed under a path such as /polarion. Because the domain may vary between environments (staging, production, customer instances), enabling Relative URLs ensures that Journeys and Tips work correctly regardless of the base domain.
Recommended setting: Enabled (ON)
With this setting active, the overlay will match steps and tips based on the relative path only (e.g., /polarion/#/project/...) rather than the full URL. This makes your content portable across environments.
Important: Relative URLs cannot be used together with Cross-application (multi-URL) Journeys. If you need cross-domain Journeys in your Polarion setup, keep this setting off and configure each URL explicitly. See Relative URLs and Creating Cross-application Journeys for more detail.
Content Security Policy (CSP) configuration for Polarion
Polarion ships with a bundled Apache HTTP server and typically enforces a Content Security Policy that restricts which external scripts, styles, and resources can be loaded. Without the correct CSP configuration, the Newired overlay will be blocked by the browser and will not appear for end users.
How to identify a CSP issue
Open the browser's developer tools (press F12) and navigate to the Console tab. A CSP-related block typically looks like this:
Refused to load the script 'https://your-newired-portal-url/...' because it violates
the following Content Security Policy directive: "script-src 'self' ..."
If you see messages like this, the Polarion server's CSP headers need to be updated.
Required CSP directives
The Newired overlay needs permission across the following directives. Replace https://your-newired-portal-url with the actual URL of your Newired Portal (or content delivery server if separate):
Directive | Purpose |
script-src | Allows the Newired overlay JavaScript to be loaded and executed |
style-src | Allows Newired CSS stylesheets to be applied |
font-src | Allows Newired icon fonts to be loaded |
connect-src | Allows the overlay to make HTTP requests to the Newired Portal (required for analytics, surveys, and content fetching) |
img-src | Allows images embedded in Journey steps or Tips to be displayed |
frame-src | Allows cross-domain storage iframes used by the overlay |
Example Apache CSP header for Polarion
The recommended approach for Polarion is to set the CSP header via the bundled Apache configuration, targeting all pages. Add or extend the following directive in your Apache virtual host or .htaccess configuration:
apache
Header always set Content-Security-Policy "\ script-src 'self' 'unsafe-inline' 'unsafe-eval' https://your-newired-portal-url; \ style-src 'self' https://your-newired-portal-url; \ font-src 'self' data: https://your-newired-portal-url; \ connect-src 'self' https://your-newired-portal-url; \ img-src 'self' data: https://your-newired-portal-url; \ frame-src 'self' https://your-newired-portal-url;"
Important: Do not replace your existing CSP header wholesale. Always extend the existing directives by appending the Newired Portal URL to each relevant source list. Replacing the full header may break other Polarion security controls. Review any changes with your IT security team before applying them to a production environment.
Note: 'unsafe-inline' and 'unsafe-eval' are required by the Newired overlay JavaScript engine. These are standard requirements for browser-based DAP overlays and are consistent with the way similar tools operate.
Verifying the fix
After applying the CSP changes and restarting Apache:
- Hard-refresh Polarion in the browser (Ctrl+Shift+R or Cmd+Shift+R).
- Open the browser console and confirm there are no remaining Refused to load errors referencing the Newired URL.
- Verify the Newired Launcher appears on the Polarion page.
If CSP errors persist for specific directives, check the exact error message in the console and add the missing directive accordingly.
Summary table
Setting | Recommended value |
Rules for excluding Element ID | Trust with exceptions: DOM_.*, [A-Z_0-9]* |
Rules for excluding Element classes | Trust with exceptions: GEF.*, [A-Z_0-9]* |
Element search attempts count | 5 |
Element search attempts interval | 500 ms |
Automatically detect page changes | ON |
Step URL auto fill | OFF |
Use relative URLs | ON |
CSP: script-src | Add Newired Portal URL + 'unsafe-inline' 'unsafe-eval' |
CSP: style-src | Add Newired Portal URL |
CSP: font-src | Add Newired Portal URL + data: |
CSP: connect-src | Add Newired Portal URL |
CSP: img-src | Add Newired Portal URL + data: |
CSP: frame-src | Add Newired Portal URL |
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article