I am developing a plugin in Kibana with React. I need google map API for that. But when I render my component with mp API script it gives an error. I searched and found that and the reason behind it is the content security policy ( CSP ) of Kibana. The solution is to customize CSP rules though which is not recommended in Kibana documentation.
I add csp.strict: true
in kibana.yml but still throw the same error like
Refused to load the script 'https://maps.googleapis.com/maps/api/js?key={MY_API_KEY}&libraries=places%2Cgeometry' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
How can I configure csp.rules
in kibana.yml
to only access the google map API plugin that is
https://maps.googleapis.com
domain and render my map? If anyone has any working code snippet of csp.rules
for adding a particular script in the Kibana plugin will be very helpful for me.