JavaScript API
An Office service that supports add-ins to interact with objects in Office client applications.
942 questions
Content Security Policy is blocking the BingMap's virtualearth.net (Street Side view) to render? How to make my BingMap to work with CSP implementation?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 3%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHH%3C/text%3E%3C/svg%3E)
Hussain, Haidar
0
Reputation points
I have implemented the BingMap and using its Street side view that is using virtualearth.net api to render the map. But this is also injecting the dynamic scripts and expecting the 'inline-eval' is allowed. But the Content Security Policy has restricted the inline-eval and unsafe-inline scripts to be allowed. Due to this, my virtualearth.net and street side view is not working. There some suggestions given to handle it by nonce and hashing the script in CSP policy. But since the Bing map scripts are generated dynamically at run time, I cannot define nonce or hash the scripts in my SCP. How to handle such scenario?
{count} votes
-
Hussain, Haidar 0 Reputation points
2024-01-31T12:55:24.3+00:00 my CSP is this:
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' *.bing.com *.virtualearth.net; style-src 'self' *.bing.com 'unsafe-inline';">
Sign in to comment