Not able to implement strict Content Security Policy with Google maps APIs
I am getting below error multiple times in the console of developer tool of chrome for common.js file of maps.googleapis.com-
common.js:15
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' https://fonts.googleapis.com https://s3.amazonaws.com https://maxcdn.bootstrapcdn.com". Either the 'unsafe-inline' keyword, a hash ('sha256-mmA4m52ZWPKWAzDvKQbF7Qhx9VHCZ2pcEdC0f9Xn/Po='), or a nonce ('nonce-...') is required to enable inline execution.
I need to use strict CSP policy so can't use unsafe-inline or unsafe-eval to relax the policy. To support strict CSP policy, inline styling and scripting are not allowed. And it seems inline stylings have been used in the common.js of the google map api due to which I am getting the above error.
Any suggestion?
Any suggestion?
Use 'nonce-value' token in script-src and the same one in style-src. If you call the GMaps API with nonce='value' attribute:
<script async defer src='//maps.googleapis.com/maps/api/js?key=<api_key_here>&callback=initMap' nonce='base64value'></script>
The Google maps API script redistributes this nonce='base64value' into all child external scripts and inline styles blocks. You can check it in the demo of 'nonce' with Google map, just select 'nonce' checkbox.
Edit 24-07-2021:
I can confirm that:
- GMap made some changes and does not redistribute
noncefrom script tag into styles. - A workaround by Max Visser no longer works as of now.
Therefore, unfortunately the answer is: Use 'unsafe-inline' and wait for Google to implement 'nonce' for styles.
- Remove or move frame that's drawn around focused AdvancedMarkerElement
- Obtain list of My Places from Google Maps
- Generate real US street addresses for Selenium RC script
- JavaFX not embedding google maps html
- Google Maps Javascript API: marker.setPosition Issue
- react-native-maps: AirGoogleMaps dir must be added to your xCode project to support GoogleMaps on iOS
- Delegate function not being called when tapping a poi using the gms and swift ui
- Get google map link with latitude/longitude
- SHA-1 fingerprint of keystore certificate
- vue3-google-map with Nuxt
- Draw AdvancedMarkerElement on center of its position
- Google Geolocation API - red destination marker
- Decoding polyline with new Google Maps API
- google maps MarkerClusterer how to personalize the renderer
- Get a list of markers in bounds of google map using markerclusterer v3
- How do I securely use Google API Keys
- Flutter Google Maps - Rotate marker according to the driving direction
- What is the best way to get all of the mechanics in the UK using Google Places API?
- GMaps V3 InfoWindow - disable the close "x" button
- Database structure when creating a map app
- Android Maps Compose | MarkerState.setMarker IllegalStateException
- Google Maps API - ControlPosition with Infowindow
- parse google maps geocode json response to object using Json.Net
- Custom markers with Flutter Google Maps plugin
- API key not found. Check that com.google.android.geo.API_KEY Error in expo development build
- React Native Maps: Markers image doesn't show using Custom Marker in react-native-maps
- How to get coordinates about a point in Google Maps API iOS?
- Google Directions API failing to return results in iOS
- How can I do to return places in distance order
- Google Maps API full screen in SWIFT3