cancel
Showing results for 
Search instead for 
Did you mean: 

Fabric is Generally Available. Browse Fabric Presentations. Work towards your Fabric certification with the Cloud Skills Challenge.

Custom visual development - access to external resources using domain-names with hyphens is broken.

When developing a custom visual that needs to access external resources you can white list domains to permit web access as per https://learn.microsoft.com/en-us/power-bi/developer/visuals/capabilities#allow-web-access

... this updates the CSP's default-src policy with the permitted domains

 

In the stated above example in the developer docs if you change the config to use a domain name containing a hyphen it will prevent all access to the web from a powerBI visual.

 
e.g. in this example, changing the 2nd parameter to example-site.com (from example.com) will prevent all access to any sites, including api.microsoft.com.
 

 

 

{
    "name": "WebAccess",
    "essential": true,
    "parameters": [ "https://*.microsoft.com", "http://example-site.com" ]
}​

 

 

It seems like hypens in domain names cause the CSP to not be formed as expected

 

Status: Investigating

Hi @andyward ,

 

This looks more like a product improvement than a feature bug.

If you would like to suggest  feature improvements, you may  vote the idea and comment here  to improve this feature. It is a place for customers provide feedback about Microsoft Office products . What’s more, if a feedback is high voted there by other customers, it will be promising that Microsoft Product Team will take it into consideration when designing the next version in the future.

 

Best Regards,
Community Support Team _ Caitlyn

Comments
v-xiaoyan-msft
Community Support
Status changed to: Investigating

Hi @andyward ,

 

This looks more like a product improvement than a feature bug.

If you would like to suggest  feature improvements, you may  vote the idea and comment here  to improve this feature. It is a place for customers provide feedback about Microsoft Office products . What’s more, if a feedback is high voted there by other customers, it will be promising that Microsoft Product Team will take it into consideration when designing the next version in the future.

 

Best Regards,
Community Support Team _ Caitlyn

andyward
Regular Visitor

If you've got a dash/hyphen in your domainname it's a complete blocker for external access. I worked around it using our Azure FQDN rather than the public domain, but it meant I had to wildcard *.azurewebsites.net rather than {guid-identifier-with-dashes}.azurewebsites.net

 

May not be a bug, but it's an omission/oversight IMO