NGINX - CSP ArcGIS Web Maps

163
1
01-11-2022 12:42 PM
joeTC
by
New Contributor

Hello!

We have been working on implementing the ArcGIS web maps on our site.

Does anyone have any recommendations for best practices with Nginx / Content-Security Policy when working with User Defined Maps that have custom domains? Specifically, when there are so many you can't enable all of them in CSP.

Is the best practice to set a wildcard in nginx? Looking for additional options regarding CSP and handling custom domains for user maps that are outside of the defined CSP.

Thanks!

0 Kudos
1 Reply
Stacy-Rendall
New Contributor III

Best practice for CSP is generally as locked down as possible. I haven't used CSP with Nginx, however, so no ideas about that sorry.

 

A CSP I have used in the past (a few API versions ago, however, may need some update):

        "default-src 'self'; script-src 'self' https://js.arcgis.com 'unsafe-eval'; style-src 'self' https://js.arcgis.com 'unsafe-inline'; font-src https://js.arcgis.com; worker-src blob:; connect-src https://*.arcgis.com; img-src data: https://*.arcgis.com"
0 Kudos