google maps api script does load due to content security policy

I had a same issue and solved by replacing API URL from http to https version.

In HTML From:

<script type='text/javascript' src='http://maps.google.com/maps/api/js?v=3.3&sensor=false'></script>

To:

<script type='text/javascript' src='https://maps-api-ssl.google.com/maps/api/js?v=3.3&sensor=false'></script>

Then added https://maps-api-ssl.google.com to CPS in manifest.json

I don't know if you still need this info. But I was googling and spend some time but couldn't find a direct answer, so I wrote here to hope if it helps anyone.

I think the problem here is that you have not correctly set the content security policy for Google Maps URL. You should change your "content_security_policy" in manifest file to something like this:

"content_security_policy": "script-src 'self' https://maps.googleapis.com https://maps.gstatic.com; object-src 'self'"

This simply means that you are allowing to run script from the self/current page, and from the "https://maps.googleapis.com".

Try this, and see if it helps.

google maps api script does load due to content security policy

Tags:

Javascript

Jquery

Google Maps

Google Chrome Extension

Content Security Policy

Related

Recent Posts