Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,255 questions
How to set Content Security Policy for Application Insights in Interop mode for Azure App Service with Azure Front Door?
David Sass
7
Reputation points
Greetings,
I am getting this error message when I inject Application Insights into my dotnet core webapp and I have no luck setting the appropriate Content Security Policy (CSP) with Azure Front Door's rule engine
Refused to load the script 'https://js.monitor.azure.com/scripts/b/ai.2.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
I use the following CSP:
content-security-policy: script-src https://*.contoso.com https://js.monitor.azure.com
I appreciate any help because I am loosin' it
{count} votes
-
Ryan Hill 28,106 Reputation points Microsoft Employee2023-05-31T23:38:51.9166667+00:00 @Anonymous I take it you already followed the steps outlined in Implement Content Security Policy (CSP), and disable inline JavaScript?
-
David Sass 7 Reputation points
2023-06-01T08:05:55.1033333+00:00 I didn't, but now that I switched from
content-security-policy: script-src https://*.contoso.com https://js.monitor.azure.comover to
content-security-policy: style-src 'self'; default-src 'self'; script-src 'self' https://js.monitor.azure.comit's is actually worse because now the inline-css also stopped working.
I'd like to keep the inline scripts and styles for now (give time the devs to make changes) but I also want
js.monitor.azure.comto work.PS: We need more examples in the docs because this is really not clear to me.
-
Ryan Hill 28,106 Reputation points Microsoft Employee
2023-06-01T21:10:56.2866667+00:00 What error messages are you receiving now?
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 71%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Sukeerthi 21 Reputation points2024-10-04T09:36:04.1466667+00:00 Hi, I am also facing same issue, even after i have added content-security-policy as below in azure front door rule set
Could you please help me to resolve this issue?
Thanks
Sign in to comment
Sign in to answer