After deploying Connections 5.0 CR4, the business cards and photo’s integration in Sametime chat (the webbrowser version) suddenly stopped working.
The problem is more pronounced in Internet Explorer.
The photo doesn’t load, nor does the business card information (the phonenumber, email address).

See the screenshot below: Image:Sametime business cards from Connections

In the traces in the browser, it is clear that there’s a HTTP 403 error (forbidden) on this call :

https://-SERVER-/profiles/json/profile.do?email=-EMAIL-&lang=en_us&callback=stproxy.uiControl.connections.businesscard.  
onBusinessCard&dojo.preventCache=1463032209022  

It wasn’t very high on my priority list, but I’ve not found out what the problem is (thanks to IBM Support).

Apparently, in CR4, something changed in the profiles-config.xml configuration: allowJsonpJavelin enabled is changed from true to false.

So the solution is simple, change this back from false to true , sync the nodes , and restart the server(s) that contains your Profiles application.

<!--  
           Optional security setting for Profiles javelin card. This setting is to disallow JSONP security.  
           Older 3rd party software may will not work with this setting unless they include a reverse proxy.  
           All of the Connections application will work with JSONP disabled.  
       -->  
       <allowJsonpJavelin enabled="true"/>