How to set Content Security Policy for Application Insights in Interop mode for Azure App Service with Azure Front Door?

David Sass 7 Reputation points
2023-05-26T16:23:57.9933333+00:00

Greetings,

I am getting this error message when I inject Application Insights into my dotnet core webapp and I have no luck setting the appropriate Content Security Policy (CSP) with Azure Front Door's rule engine

Refused to load the script 'https://js.monitor.azure.com/scripts/b/ai.2.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

I use the following CSP:

content-security-policy: script-src https://*.contoso.com https://js.monitor.azure.com

I appreciate any help because I am loosin' it

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,020 questions
Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
627 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,370 questions
{count} votes