-
Notifications
You must be signed in to change notification settings - Fork 6.8k
Content Security Policy (CSP) with Lazy Loaded Maps API #25314
Unanswered
michaelgregson
asked this question in
Q&A
-
Hello all,
When Lazy Loading the Maps API as per the docs; what is the appropriate way to secure a CSP to satisy the CSP Evaluator?
script-src https://maps.googleapis.com/;
Allows the script to work, but the evaluator prefers nonces or hashes which I am unsure how to implement when loaded this way.
In addition, specifying trusted types:
trusted-types angular angular#bundler; require-trusted-types-for 'script';
Results in the error this document requires 'TrustedScriptURL' assignment.
Thank you in advance for any advice; I appreciate this issue is not specific to this lazy loading implementation but I have been unable to find any answers elsewhere.
Beta Was this translation helpful? Give feedback.
All reactions
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment