Content Security Policy blocked 'https://maps.googleapis.com'

We have an application where Google Maps and its API is being used. Basically the application has a map and search box displayed where the user queries for location and the map searches the same. Recently, we came to know that the application is working fine in Desktop and maps gets loaded. But when the user tries to access the same application in iPhone, the maps does not gets loaded and a grey screen is displayed. When checked in Service Center, the below error is logged:

Content Security Policy blocked 'https://maps.googleapis.com'

Content Security Policy blocked 'https://developers.google.com'

I tried to whitelist both these URL's in CSP under Script-src, but it did not help and the application is still not accessible in iPhone. It would be great if anyone could help me on sorting this issue by unblocking these two URL's. Thanks in advance!!



Luís Cardoso wrote:

Hello,

I found this link in the documentation: https://success.outsystems.com/Documentation/11/Managing_the_Applications_Lifecycle/Secure_the_Applications/Apply_Content_Security_Policy

Hope it helps you!

BR,

Luis


Hi Luis, thanks for the quick reply. I have referred the above link only and configured both URLs under Script-src. Even then, still the application is not accessible in iPhone browser (its a web application a accessed using URL) and the error is logged in Service Center. *The application is working good in desktop browser.

can someone help me on this as more users are not able to access the application on their mobile devices.

Hi Somesh,

What Mobile Apps Build Service (MABS) version did you use?

Have you seen this specific information around CSP and iOS apps provided in the link Luis has shared?

Regards,

Nordin

Nordin Ahdi wrote:

Hi Somesh,

What Mobile Apps Build Service (MABS) version did you use?

Have you seen this specific information around CSP and iOS apps provided in the link Luis has shared?

Regards,

Nordin

Hi Nordin, actually the user is trying to access the web application by typing the application URL and a part of the application got loaded., Only the Google maps did not load and when checking Service Center, above error shows up. I want to whitelist the above two Google URL's in CSP. Kindly let me know how to configure in CSP.

Hi Somesh,

In that case, try the following value for script-src:

'self' developers.google.com maps.googleapis.com;

Regards,

Nordin