We have been working on implementing the ArcGIS web maps on our site.
Does anyone have any recommendations for best practices with Nginx / Content-Security Policy when working with User Defined Maps that have custom domains? Specifically, when there are so many you can't enable all of them in CSP.
Is the best practice to set a wildcard in nginx? Looking for additional options regarding CSP and handling custom domains for user maps that are outside of the defined CSP.
Best practice for CSP is generally as locked down as possible. I haven't used CSP with Nginx, however, so no ideas about that sorry.
A CSP I have used in the past (a few API versions ago, however, may need some update):