ASP.NET Core
A set of technologies in the .NET Framework for building web applications and XML web services.
4,253 questions
Content Security Policy Violations happening for whitelisted domains only for Netherlands and Switzerland users.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 19%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGA%3C/text%3E%3C/svg%3E)
Gour, Ashish
0
Reputation points
I have a csp policy where I have whitelisted all the domains from which I want to load the content to my application and have added only default-src directive which is fallback to all the other directives.
I have tested the policy on lower environments and it's working as expected.
But in production environment, I have observed the policy is getting violated for Netherlands and Switzerland users (Note: mostly images are getting blocked), Is there any network related restrictions in these countries or any other issue related to content security policy.
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 59%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
SnehaAgrawal-MSFT 19,181 Reputation points2024-04-30T07:32:53.42+00:00 @Gour, Ashish Since you have posted the question on Azure App Service? Is your webapp hosted on an Azure VM or Azure WebApp or some other Azure service? Kindly provide more details about your scenario to assist you better.
We may have to re-tag to receive insights from the targetted audience/SMEs.
-
Gour, Ashish 0 Reputation points
2024-04-30T12:12:08.63+00:00 @SnehaAgrawal-MSFT The webapp is hosted on App Service Azure App Service.
Extra info: The images are getting blocked coming from storage account from a specific folder, we have other folders too, but for a specific folder the all the images are getting blocked only for Netherlands and Switzerland users. -
SnehaAgrawal-MSFT 19,181 Reputation points
2024-05-06T06:25:07.37+00:00 @Gour, Ashish Thanks for reply! There should be nothing specific to those regions/countries at the App Service level. Could you please share some more information or data where you can show the unexpected behavior, to help you better on this.
Sign in to comment