Community
Select to view content in your preferred language

NGINX - CSP ArcGIS Web Maps

465
1
01-11-2022 12:42 PM
joeTC
by
New Contributor
‎01-11-2022 12:42 PM

Hello!

We have been working on implementing the ArcGIS web maps on our site.

Does anyone have any recommendations for best practices with Nginx / Content-Security Policy when working with User Defined Maps that have custom domains? Specifically, when there are so many you can't enable all of them in CSP.

Is the best practice to set a wildcard in nginx? Looking for additional options regarding CSP and handling custom domains for user maps that are outside of the defined CSP.

Thanks!

0 Kudos
1 Reply
Stacy-Rendall
by
New Contributor III
‎01-16-2022 12:27 PM

Best practice for CSP is generally as locked down as possible. I haven't used CSP with Nginx, however, so no ideas about that sorry.

 

A CSP I have used in the past (a few API versions ago, however, may need some update):

        "default-src 'self'; script-src 'self' https://js.arcgis.com 'unsafe-eval'; style-src 'self' https://js.arcgis.com 'unsafe-inline'; font-src https://js.arcgis.com; worker-src blob:; connect-src https://*.arcgis.com; img-src data: https://*.arcgis.com"
0 Kudos