HOW TO: Solving Problems Related to Content Security Policy (CSP) and Google Maps Widget in Bizagi

2 Years Ago


Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking, and other code injection attacks from the execution of malicious content in the trusted web page context. It is a candidate recommendation of the W3C working group on Web Application Security, widely supported by modern web browsers. CSP provides a standard method for website owners to declare approved origins of content that browsers should be allowed to load on said website—covered types are JavaScript, CSS, HTML frames, web workers, fonts, images, embeddable objects such as Java applets, ActiveX, audio and video files, and other HTML5 features. For further information, visit


The image above shoes the following error message:

Refused to load the script '' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Applies To

11.2.4 R2 and 11.2.5

What you need to do?

To address this issue, you can follow the steps below:

1. Visit this article for further information:

2. Follow the steps mentioned on: “What you need to do” section

3. The key to be used is:

default-src 'self' data: blob:;
script-src 'self' 'unsafe-inline' 'unsafe-eval' data:;
style-src 'self' 'unsafe-inline';
img-src 'self' data: blob: * *;
font-src * 'unsafe-inline' data: blob:;


If you come up with a similar error with another widget, you need to create a ticket and inform the Support team about the widgets you have set up after the installation of the key; this issue may happen because the key must be modified and reinstalled if you have more widgets.


Rate this Article:


Last Modified:2 Years Ago
Last Modified By: LauraG
Level: Intermediate
Rated 5 stars based on 2 votes.
Article has been viewed 4.3K times.