従来の Google API ドメイン(maps.google.com など)または地域固有のドメイン(maps.google.fr など)から Maps JavaScript API を読み込むウェブサイトの場合、次の例に示すようにこれらのドメイン名を CSP の script-src 設定に含める必要があります。
[[["わかりやすい","easyToUnderstand","thumb-up"],["問題の解決に役立った","solvedMyProblem","thumb-up"],["その他","otherUp","thumb-up"]],[["必要な情報がない","missingTheInformationINeed","thumb-down"],["複雑すぎる / 手順が多すぎる","tooComplicatedTooManySteps","thumb-down"],["最新ではない","outOfDate","thumb-down"],["翻訳に関する問題","translationIssue","thumb-down"],["サンプル / コードに問題がある","samplesCodeIssue","thumb-down"],["その他","otherDown","thumb-down"]],["最終更新日 2025-01-15 UTC。"],[[["This document provides recommendations for configuring Content Security Policy (CSP) when using the Maps JavaScript API to ensure compatibility across various browsers."],["All websites must specify `googleapis.com` in their CSP directives by Q2 2023 for the Maps JavaScript API to function correctly."],["Strict CSP with nonce-based implementation is the recommended approach for enhanced security, requiring websites to add nonce values to `script` and `style` elements."],["Allowlist CSP, while supported, requires referencing Google Maps Domains documentation and release notes to keep the allowlist current with new domains."]]],["Developers should configure their website's Content Security Policy (CSP) for the Maps JavaScript API. Using strict CSP with nonce values for `script` and `style` elements is recommended. Websites must include `googleapis.com` in CSP directives, especially after Q2 2023. The API will apply the first found nonce to its inserted elements. Allowlist CSP users need to consult the list of Google Maps Domains and include any new domains, especially legacy or region-specific ones, in `script-src`.\n"]]
