Deploying a SPFx webpart to multiple tenants without public cdn

Question

We have developed a SharePoint Framework webpart and deployed the bundle files to our private CDN and the app package to our app catalog in SharePoint Online which are located in same tenant in which we install the SPFx webpart. That works fine.

Now we have multiple partners with their own O365 tenants and many users that also want to use this SPFx webpart. We can deploy the app package to their app catalogs but how can our partners access the bundle files from our private CDN? As public CDNs can be accessed anonymously our boss don't want to use them.

Answer 1

Currently there's no way to deploy a SPFx web part using a private CDN. Private CDN's URL is not static - which is a strict requirement for SPFx web parts.

Your best shot would be to convince your superior to use public CDNs. Using public CDNs, confidential information will not be shared in any manners, as it's only for sharing the JS code for the web part.

Additionally Microsoft's Vesa Juvonen gives an alternative approach besides the public share:

If you still would like to get them hosted from fully secured URL, you'd use simply directly for example library in SharePoint without any CDN capabilities and you'd update the manifest URLs to point to that one

Source: How do we deploy SPFx Web Parts to a Private CDN on O365?

Answer 2

As of spfx 1.4 you can now use includeClientSideAssets feature within your spfx package.

If you would not have CDN enabled in your tenant, and the includeClientSideAssets setting would be true in the package-solution.json, the loading URL for the assets would be dynamically updated and pointing directly to the ClientSideAssets folder located in the app catalog site collection. In this example case, the URL would be https://sppnp.microsoft.com/sites/apps/ClientSideAssets/.