HOW TO: Solving Problems Related to Content Security Policy (CSP) and Google Maps Widget in Bizagi

2 Months Ago
LauraG
BIZAGI STUDIO

Summary

Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking, and other code injection attacks that result from the execution of malicious content in the trusted web page context. It is a candidate recommendation of the W3C working group on Web Application Security and is widely supported by modern web browsers. CSP provides a standard method for website owners to declare the approved origins of content that browsers are allowed to load on that website. Covered types are JavaScript, CSS, HTML frames, web workers, fonts, images, embeddable objects such as Java applets, ActiveX, audio and video files, and other HTML5 features. For further information, visit https://en.wikipedia.org/wiki/Content_Security_Policy

 

The image above shows the following error message:

Refused to load the script 'https://maps.googleapis.com/maps/api/js?key=XXXXXXXXXXXXXXXXXXX-Tk&libraries=places&callback=bizagi.rendering.desktop.GoogleMapsPoints.mapsCallback' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Applies To

11.2.4 R2 and 11.2.5

What you need to do?

To address this issue, you can follow the steps below:

1. Visit this article for further information: https://help.bizagi.com/bpm-suite/en/index.html?content-security-policy-def.htm

2. Follow the steps in the “What you need to do” section.

3. The key to be used is:

default-src 'self' data: blob:;
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: maps.googleapis.com;
style-src 'self' 'unsafe-inline' fonts.googleapis.com;
img-src 'self' data: blob: *.googleapis.com maps.gstatic.com *.ggpht.com;
font-src * 'unsafe-inline' data: blob: fonts.gstatic.com;

Considerations

If you encounter a similar error with another widget, create a ticket and inform the Support team about the widgets you have set up after installing the key. This can happen because the key must be modified and reinstalled if you have more widgets.
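To see why the original policy refuses the Google Maps script while the key above permits it, the following sketch evaluates a script URL against a policy using the fallback order named in the browser message (script-src-elem, then script-src, then default-src). It is an added example, not Bizagi code: the portal origin is constructed, the API key is a placeholder, and source matching is simplified (ports, paths, nonces and hashes are ignored).

```javascript
// Added example: simplified CSP source matching (ignores ports, paths, nonces and hashes).
const BLOCKING_POLICY = "script-src 'self' 'unsafe-inline' 'unsafe-eval'"; // from the error message
const ARTICLE_KEY = `default-src 'self' data: blob:;
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: maps.googleapis.com;
style-src 'self' 'unsafe-inline' fonts.googleapis.com;
img-src 'self' data: blob: *.googleapis.com maps.gstatic.com *.ggpht.com;
font-src * 'unsafe-inline' data: blob: fonts.gstatic.com;`;
const PAGE_ORIGIN = 'https://bizagi.example.com'; // constructed portal origin (assumption)
const MAPS_URL = 'https://maps.googleapis.com/maps/api/js?key=PLACEHOLDER&libraries=places';

function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    if (name && !directives.has(name)) directives.set(name, sources); // first occurrence wins
  }
  return directives;
}

function sourceMatches(source, url, pageOrigin) {
  if (source === "'self'") return url.origin === pageOrigin;
  if (source.startsWith("'")) return false; // keywords such as 'unsafe-inline' never match a URL
  if (/^[a-z][a-z0-9+.-]*:$/.test(source)) return url.protocol === source; // scheme source, e.g. data:
  if (!['http:', 'https:'].includes(url.protocol)) return false;
  if (source === '*') return true;
  const m = source.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/);
  if (!m || (m[1] && url.protocol !== m[1] + ':')) return false;
  const host = m[2];
  // "*.example.com" matches subdomains only, not example.com itself
  return host.startsWith('*.') ? url.hostname.endsWith(host.slice(1)) : url.hostname === host;
}

// Fallback order named in the browser message: script-src-elem, then script-src, then default-src.
function checkScriptLoad(policy, scriptUrl, pageOrigin) {
  const directives = parsePolicy(policy);
  const name = ['script-src-elem', 'script-src', 'default-src'].find((d) => directives.has(d));
  if (!name) return { directive: null, allowed: true }; // nothing restricts script loads
  const url = new URL(scriptUrl);
  const allowed = directives.get(name).some((s) => sourceMatches(s, url, pageOrigin));
  return { directive: name, allowed };
}

console.log(checkScriptLoad(BLOCKING_POLICY, MAPS_URL, PAGE_ORIGIN)); // refused under script-src
console.log(checkScriptLoad(ARTICLE_KEY, MAPS_URL, PAGE_ORIGIN));     // permitted under script-src
```

Running the same check with the script URL of any other widget shows whether its host is missing from the key, which is the information the Support team needs to modify it.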

 



Details

Last Modified: 2 Months Ago
Last Modified By: LauraG
Type: HOWTO
Level: Intermediate