Azure Communication Services
An Azure communication platform for deploying applications across devices and platforms.
1,242 questions
Content-Security-Policy with azure communication services
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 3%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERV%3C/text%3E%3C/svg%3E)
Ralph van der Neut
6
Reputation points
Everytime i start a ACS call using the calling js library.
I get the following error:
Refused to connect to 'wss://trouter-azsc-euno-0-a.trouter.skype.com/socket.io/1/websocket/<dynamic info>' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: <other url>
I tried adding "wss://trouter-azsc-euno-0-a.trouter.skype.com/socket.io/1/websocket" to "Content-Security-Policy" http response header, but that doesn't work. Because the url is dynamic on each call. I can't use a wildcard? What should i set in the Content Security Policy to make the error dissapear?
Azure Communication Services
{count} vote
-
Grmacjon-MSFT 19,301 Reputation points Moderator2021-11-16T20:32:03.043+00:00 Hi @Ralph van der Neut ,
Thanks for bringing this to our attention. When did you start noticing this issue? We are checking internally with the engineering team to see what may be causing this issue. We appreciate your patience.
Thanks,
Grace
. -
Ralph van der Neut 6 Reputation points
2021-11-19T12:51:33.39+00:00 I started noticing this when we deployed it to our vm in azure.
There are multiple security features running there for minimizing the cross site scripting attacks.
But it needs a url or ws path to the external site to allow it access.
However the ACS call still works, but it looks like it still does something under the hood that needs to be allowed.
Sign in to comment
Sign in to answer