[Action Required] Update your site's Content Security Policy to continue using Maps JavaScript API

Skip to first unread message

Joce Heuzé

Mar 29, 2022, 9:26:08 AM3/29/22
to Google Maps JS API v3 Notify

Hello Google Maps Customers,

We’re writing to let you know that support in Maps JavaScript API for websites and web apps using a Content Security Policy (CSP) that does not allow googleapis.com is ending. 

Version 3.49 (releases May 2022) will be the last version to support such configurations; we will end support for such configurations starting with version 3.50.

What do I need to know?

The last version supporting inadequate CSP directives, 3.49, will be decommissioned in Q2 2023 (12 months after release to the weekly channel), after which the Maps JavaScript API will not support CSP directives that do not specify googleapis.com.

Please note that while allow-listing maps.googleapis.com may provide a working experience for the time being, it will not be sufficient in the future. Customers currently allow-listing maps.googleapis.com in their CSP need to authorize googleapis.com instead.

What do I need to do?

If your pages don’t provide CSP or have googleapis.com correctly allow-listed, no change is necessary. 

To avoid disruption of your website or web app's experience, please specify googleapis.com in the allow-list of your Content Security Policy at your earliest convenience, regardless of the Maps JavaScript API version it's currently using.

A technical guide and relevant details are available at the Content Security Policy guide for Maps JavaScript API. More information and help regarding CSP can also be found at the Content Security Policy main site.

Version schedule

Version 3.50 will be loaded into the weekly channel beginning August 2022 and in the quarterly channel beginning November 2022. If you currently load the API with v=weekly or v=quarterly and need more time to update your CSP, specify v=3.49 before the above dates to ensure continued support until version 3.49 is decommissioned in May 2023.

After you have updated your CSP, you can return to specifying v=weekly or v=quarterly. See the Maps JavaScript API versioning guide for more information about specifying channels and versions.

If you have any questions or require assistance please contact Google Maps Platform Support.  

Thanks for choosing Google Maps JavaScript API.

The Google Maps JavaScript API Team

Reply all
Reply to author
0 new messages