microsoft / PowerBI-visuals-tools

Contains tools for building/packaging Power BI visuals
https://www.powerbi.com
MIT License

Privileges WebAccess gives a CSP error #425

Closed JipAccobat closed 2 years ago

JipAccobat commented 2 years ago

After updating to 4.7.0 from 4.2.0 I've added privileges to the capabilities.json:

{
    "privileges": [
        {
            "name": "WebAccess",
            "essential": true,
            "parameters": [
                "https://xyz.azurewebsites.net"
            ]
        },
        {
            "name": "ExportContent",
            "essential": false
        }
    ]
}

However, when I use the external call I'm getting the following error:

Refused to connect to 'https://xyz.azurewebsites.net/' because it violates the following Content Security Policy directive: "default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

JipAccobat commented 2 years ago

I have figured it out. You are not able to specify specific subdomains but need to use a wildcard:

{
    "privileges": [
        {
            "name": "WebAccess",
            "essential": true,
            "parameters": [
                "https://*.azurewebsites.net"
            ]
        }
    ]
}

You are also able to allow everything by using a *:

{
    "privileges": [
        {
            "name": "WebAccess",
            "essential": true,
            "parameters": [
                "*"
            ]
        }
    ]
}
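
An added example (not part of the issue thread or the project's code): a simplified JavaScript model of how a browser picks the directive for a connection and matches source expressions, run against the policy quoted in the error above. The `connect-src` entries and the `https://visual-host.example` origin are assumptions for illustration; the thread does not show what policy Power BI generates from the `WebAccess` parameters.

```javascript
// Simplified CSP check for connections (fetch/XHR); ports and paths are ignored.
const NETWORK_SCHEMES = new Set(["http:", "https:", "ws:", "wss:"]);
// Policy text copied from the error message in the issue.
const REPORTED_POLICY = "default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval'";
const SELF_ORIGIN = "https://visual-host.example"; // constructed placeholder origin

function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, sources); // first one wins
  }
  return directives;
}

function sourceMatches(source, url, selfOrigin) {
  if (source === "*") return NETWORK_SCHEMES.has(url.protocol);
  if (source === "'self'") return url.origin === selfOrigin;
  if (source.startsWith("'")) return false; // 'unsafe-inline', 'unsafe-eval', nonces
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(source);
  if (!m) return false;
  const [, scheme, host] = m;
  if (scheme && url.protocol !== scheme.toLowerCase() + ":") return false;
  const h = host.toLowerCase();
  // "*.example.com" matches every subdomain, but not "example.com" itself.
  if (h.startsWith("*.")) return url.hostname.endsWith(h.slice(1));
  return url.hostname === h;
}

function checkConnect(policy, target, selfOrigin = SELF_ORIGIN) {
  const directives = parsePolicy(policy);
  // connect-src governs fetch/XHR; default-src is only the fallback.
  const used = directives.has("connect-src") ? "connect-src"
             : directives.has("default-src") ? "default-src" : null;
  if (used === null) return { directive: null, allowed: true };
  const url = new URL(target);
  const allowed = directives.get(used).some((s) => sourceMatches(s, url, selfOrigin));
  return { directive: used, allowed };
}

// Reported policy: falls back to default-src, which lists no remote host.
console.log(checkConnect(REPORTED_POLICY, "https://xyz.azurewebsites.net/"));
// Assumed connect-src with the wildcard host: every azurewebsites.net subdomain passes.
const WILDCARD = REPORTED_POLICY + "; connect-src https://*.azurewebsites.net";
console.log(checkConnect(WILDCARD, "https://other-tenant.azurewebsites.net/"));
```

Under this model the wildcard entry admits every host under `azurewebsites.net`, not only `xyz`, and a bare `*` admits any http(s) or ws(s) destination.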