I meet a Content Security Policy problem when using esri-leaflet to parse the ArcGIS mapserver to tileLayer, the code snippet I used is as following:
L.esri.dynamicMapLayer({
url: 'https://xxxxxxxxxxx/arcgisorg/rest/services/TempMap/TownVill/MapServer',
opacity: 0.8,
layers: [0, 1],
crossOrigin: true
})
I use the option crossOrigin of leaflet to pass the Content Security Policy, but the error message shows: ["Refused to connect to 'https:xxxxx' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback."]. It seems crossorigin can work on leaflet, but not work in esri-leaflet. My developing environment is node.js with express, and is there any good method can cover this problem, thanks a lot.
