Content Security Policy (CSP) with Lazy Loaded Maps API #25314
Unanswered
michaelgregson
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hello all,
When Lazy Loading the Maps API as per the docs; what is the appropriate way to secure a CSP to satisy the CSP Evaluator?
script-src https://maps.googleapis.com/;Allows the script to work, but the evaluator prefers nonces or hashes which I am unsure how to implement when loaded this way.
In addition, specifying trusted types:
trusted-types angular angular#bundler; require-trusted-types-for 'script';Results in the error
this document requires 'TrustedScriptURL' assignment.Thank you in advance for any advice; I appreciate this issue is not specific to this lazy loading implementation but I have been unable to find any answers elsewhere.
Beta Was this translation helpful? Give feedback.
All reactions