I need to include this script https://apis.google.com/js/api:client.js in my website. On Google Chrome it works fine, but on Firefox (and IE obviously), I get some errors:
Content Security Policy: Ignoring “‘unsafe-inline’” within script-src: ‘strict-dynamic’ specified
Content Security Policy: Ignoring “https:” within script-src: ‘strict-dynamic’ specified
Content Security Policy: Ignoring “http:” within script-src: ‘strict-dynamic’ specified
I tried to change the content security policy header in a meta tag but it didn't work.
I tried with all of these:
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src 'self'; script-src 'self' apis.google.com; style-src 'self';">
<meta http-equiv="Content-Security-Policy" content="default-src 'self' apis.google.com">
<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-eval' https://*.google.com; object-src 'self' 'unsafe-eval'">
<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-eval' apis.google.com;">