Content Security Policy (CSP)

4 posts / 0 new
Last post
Content Security Policy (CSP)


I'm working on a project for our company and we would like to use mapquest to show individual maps based on a GPS location. Unfortunately, we use a very strict CSP, which blocks everything but 'self', unless explicitly set in the CSP header.

Is there an "official" CSP by mapquest that I can use?


So far, I managed to gather the following URLs that need to be added to a CSP, but I am not sure if they are correct or complete:







Any information would be appreciated.

Thank you!

There is no officially
There is no officially documented CSP. But it looks like you hit all of the bases for the base MapQuest.js with your list. If you use other functions within the SDK, like geocoding, routing, custom icons, etc, then you'll need to either add specific API URLs or include* and

Instead of making

Instead of making modifications to the CSP, is there a way to proxy everything via our own server? thus have our server forward all the requests back to mapquest?

btw, your captcha is rather annoying, I'm logged in and I have to constantly verify I am not a robot, which takes 10 minutes each time, clicking on silly images.


There's no easy way to do it
There's no easy way to do it through the SDK but if I come up with anything I'll let you know.