elastic · thomasneirynck · Jul 9, 2019 · thomasneirynck · Jul 9, 2019 · kobelb
diff --git a/src/legacy/server/csp/index.ts b/src/legacy/server/csp/index.ts
@@ -22,11 +22,7 @@ import { promisify } from 'util';
 
 const randomBytesAsync = promisify(randomBytes);
 
-export const DEFAULT_CSP_RULES = Object.freeze([
-  `script-src 'unsafe-eval' 'nonce-{nonce}'`,
-  'worker-src blob:',
-  'child-src blob:',
-]);
+export const DEFAULT_CSP_RULES = Object.freeze([]);
 
 export async function generateCSPNonce() {
   return (await randomBytesAsync(12)).toString('base64');

diff --git a/x-pack/legacy/plugins/maps/public/components/map/mb/utils.js b/x-pack/legacy/plugins/maps/public/components/map/mb/utils.js
@@ -5,10 +5,13 @@
  */
 
 import _ from 'lodash';
-import mapboxgl from 'mapbox-gl';
+import mapboxgl from 'mapbox-gl/dist/mapbox-gl-csp';
+import mbWorkerUrl from '!!file-loader!mapbox-gl/dist/mapbox-gl-csp-worker';
 import chrome from 'ui/chrome';
 import { MAKI_SPRITE_PATH } from '../../../../common/constants';
 
+mapboxgl.workerUrl = mbWorkerUrl;
+
 function relativeToAbsolute(url) {
   const a = document.createElement('a');
   a.setAttribute('href', url);