Google oauth prevents pop-up the first time resulting in "Content Security Policy directive script-src contains an invalid source: strict-dynamic"

Question

I have the google API installed in a script tag

<script src="https://apis.google.com/js/platform.js"></script>

and I have a button for google sign in that calls this function

export const googleOauth = (params) => {
  return new Promise((resolve, reject) => {
    window.gapi.load("auth2", () => {
      window.gapi.auth2.authorize(
        {
          client_id: process.env.GOOGLE_CLIENT_ID,
          scope: "email profile",
          response_type: "code",
        },
        (response) => {
          if (response && !response.error) {
            const data = { data: { ...response, ...params } }
            post(oauthUrl, data)
              .then((res) => resolve(res))
              .catch((error) => reject(error))
          } else {
            reject(response.error)
          }
        }
      )
    })
  })
}

It's working fine on desktop browsers but for mobile browsers it will result in the google pop-up from appearing the first time it gets clicked. The console shows this error:

The source list for Content Security Policy directive 'script-src' contains an invalid source: ''strict-dynamic''. It will be ignored.

The second time however you if you click the button it will open the pop-up in a separate window as expected on mobile. It's just the initial click that causes this error. Any ideas on how to fix this?

How about this one https://stackoverflow.com/q/53773917/1841839 — Linda Lawton - DaImTo, Nov 03 '21 at 17:38
Safari browser does not support `'strict-dimanic'` token. It just a warning in the console, nothing is blocked. Either there must be other CSP messages about blocking, or CSP has nothing to do with it. — granty, Nov 06 '21 at 08:34

Google oauth prevents pop-up the first time resulting in "Content Security Policy directive script-src contains an invalid source: strict-dynamic"

0 Answers0