Problem in integrating external script in Kibana Plugin

I am developing a plugin in Kibana with React. I need google map API for that. But when I render my component with mp API script it gives an error. I searched and found that and the reason behind it is the content security policy ( CSP ) of Kibana. The solution is to customize CSP rules though which is not recommended in Kibana documentation.

I add csp.strict: true in kibana.yml but still throw the same error like

Refused to load the script 'https://maps.googleapis.com/maps/api/js?key={MY_API_KEY}&libraries=places%2Cgeometry' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

How can I configure csp.rules in kibana.yml to only access the google map API plugin that is
https://maps.googleapis.com domain and render my map? If anyone has any working code snippet of csp.rules for adding a particular script in the Kibana plugin will be very helpful for me.

1 Like

Try this:

csp.rules:
 - "script-src 'unsafe-eval' 'self' 'https://maps.googleapis.com'"
 - "worker-src blob: 'self'"
 - "style-src 'unsafe-inline' 'self'"

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.