Agm-map dando erro em localhost e no servidor

Atualizei no servidor, ai não funciona mesmo.

main.49c677484d95e163b289.bundle.js:2 Refused to load the script 'https://maps.googleapis.com/maps/api/js?v=quarterly&callback=agmLazyMapsAPILoader&key=xxxxxxxxxx&language=pt' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

load @ main.49c677484d95e163b289.bundle.js:2
Z @ main.49c677484d95e163b289.bundle.js:2
Z.ɵfac @ main.49c677484d95e163b289.bundle.js:2
si @ main.49c677484d95e163b289.bundle.js:2
ii @ main.49c677484d95e163b289.bundle.js:2
ti @ main.49c677484d95e163b289.bundle.js:2
Bc @ main.49c677484d95e163b289.bundle.js:2
pe.ɵfac @ main.49c677484d95e163b289.bundle.js:2
si @ main.49c677484d95e163b289.bundle.js:2
(anonymous) @ main.49c677484d95e163b289.bundle.js:2
co @ main.49c677484d95e163b289.bundle.js:2
qc @ main.49c677484d95e163b289.bundle.js:2
template @ 14.49c677484d95e163b289.chunk.js:1
ao @ main.49c677484d95e163b289.bundle.js:2
ro @ main.49c677484d95e163b289.bundle.js:2
zo @ main.49c677484d95e163b289.bundle.js:2
(anonymous) @ main.49c677484d95e163b289.bundle.js:2
ro @ main.49c677484d95e163b289.bundle.js:2
create @ main.49c677484d95e163b289.bundle.js:2
createComponent @ main.49c677484d95e163b289.bundle.js:2
activateWith @ main.49c677484d95e163b289.bundle.js:2
activateRoutes @ main.49c677484d95e163b289.bundle.js:2
(anonymous) @ main.49c677484d95e163b289.bundle.js:2
activateChildRoutes @ main.49c677484d95e163b289.bundle.js:2
activateRoutes @ main.49c677484d95e163b289.bundle.js:2
(anonymous) @ main.49c677484d95e163b289.bundle.js:2
activateChildRoutes @ main.49c677484d95e163b289.bundle.js:2
activate @ main.49c677484d95e163b289.bundle.js:2
(anonymous) @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
notifyNext @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
(anonymous) @ main.49c677484d95e163b289.bundle.js:2
_trySubscribe @ main.49c677484d95e163b289.bundle.js:2
subscribe @ main.49c677484d95e163b289.bundle.js:2
call @ main.49c677484d95e163b289.bundle.js:2
subscribe @ main.49c677484d95e163b289.bundle.js:2
o @ main.49c677484d95e163b289.bundle.js:2
_innerSub @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
notifyNext @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
notifyNext @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
_complete @ main.49c677484d95e163b289.bundle.js:2
complete @ main.49c677484d95e163b289.bundle.js:2
_complete @ main.49c677484d95e163b289.bundle.js:2
complete @ main.49c677484d95e163b289.bundle.js:2
_complete @ main.49c677484d95e163b289.bundle.js:2
complete @ main.49c677484d95e163b289.bundle.js:2
(anonymous) @ main.49c677484d95e163b289.bundle.js:2
_trySubscribe @ main.49c677484d95e163b289.bundle.js:2
subscribe @ main.49c677484d95e163b289.bundle.js:2
call @ main.49c677484d95e163b289.bundle.js:2
subscribe @ main.49c677484d95e163b289.bundle.js:2
call @ main.49c677484d95e163b289.bundle.js:2
subscribe @ main.49c677484d95e163b289.bundle.js:2
call @ main.49c677484d95e163b289.bundle.js:2
subscribe @ main.49c677484d95e163b289.bundle.js:2
call @ main.49c677484d95e163b289.bundle.js:2
subscribe @ main.49c677484d95e163b289.bundle.js:2
o @ main.49c677484d95e163b289.bundle.js:2
_innerSub @ main.49c677484d95e163b289.bundle.js:2
_tryNext @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
(anonymous) @ main.49c677484d95e163b289.bundle.js:2
_trySubscribe @ main.49c677484d95e163b289.bundle.js:2
subscribe @ main.49c677484d95e163b289.bundle.js:2
call @ main.49c677484d95e163b289.bundle.js:2
subscribe @ main.49c677484d95e163b289.bundle.js:2
call @ main.49c677484d95e163b289.bundle.js:2
subscribe @ main.49c677484d95e163b289.bundle.js:2
call @ main.49c677484d95e163b289.bundle.js:2
subscribe @ main.49c677484d95e163b289.bundle.js:2
call @ main.49c677484d95e163b289.bundle.js:2
subscribe @ main.49c677484d95e163b289.bundle.js:2
o @ main.49c677484d95e163b289.bundle.js:2
_innerSub @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
notifyNext @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
notifyNext @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
_complete @ main.49c677484d95e163b289.bundle.js:2
complete @ main.49c677484d95e163b289.bundle.js:2
_complete @ main.49c677484d95e163b289.bundle.js:2
complete @ main.49c677484d95e163b289.bundle.js:2
_complete @ main.49c677484d95e163b289.bundle.js:2
complete @ main.49c677484d95e163b289.bundle.js:2
_complete @ main.49c677484d95e163b289.bundle.js:2
complete @ main.49c677484d95e163b289.bundle.js:2
(anonymous) @ main.49c677484d95e163b289.bundle.js:2
_trySubscribe @ main.49c677484d95e163b289.bundle.js:2
subscribe @ main.49c677484d95e163b289.bundle.js:2
call @ main.49c677484d95e163b289.bundle.js:2
subscribe @ main.49c677484d95e163b289.bundle.js:2
call @ main.49c677484d95e163b289.bundle.js:2
subscribe @ main.49c677484d95e163b289.bundle.js:2
call @ main.49c677484d95e163b289.bundle.js:2
subscribe @ main.49c677484d95e163b289.bundle.js:2
call @ main.49c677484d95e163b289.bundle.js:2
subscribe @ main.49c677484d95e163b289.bundle.js:2
o @ main.49c677484d95e163b289.bundle.js:2
_innerSub @ main.49c677484d95e163b289.bundle.js:2
_tryNext @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
_complete @ main.49c677484d95e163b289.bundle.js:2
complete @ main.49c677484d95e163b289.bundle.js:2
_complete @ main.49c677484d95e163b289.bundle.js:2
complete @ main.49c677484d95e163b289.bundle.js:2
_complete @ main.49c677484d95e163b289.bundle.js:2
complete @ main.49c677484d95e163b289.bundle.js:2
_complete @ main.49c677484d95e163b289.bundle.js:2
complete @ main.49c677484d95e163b289.bundle.js:2
(anonymous) @ main.49c677484d95e163b289.bundle.js:2
_trySubscribe @ main.49c677484d95e163b289.bundle.js:2
subscribe @ main.49c677484d95e163b289.bundle.js:2
call @ main.49c677484d95e163b289.bundle.js:2
subscribe @ main.49c677484d95e163b289.bundle.js:2
call @ main.49c677484d95e163b289.bundle.js:2
subscribe @ main.49c677484d95e163b289.bundle.js:2
call @ main.49c677484d95e163b289.bundle.js:2
subscribe @ main.49c677484d95e163b289.bundle.js:2
call @ main.49c677484d95e163b289.bundle.js:2
subscribe @ main.49c677484d95e163b289.bundle.js:2
call @ main.49c677484d95e163b289.bundle.js:2
subscribe @ main.49c677484d95e163b289.bundle.js:2
call @ main.49c677484d95e163b289.bundle.js:2
subscribe @ main.49c677484d95e163b289.bundle.js:2
o @ main.49c677484d95e163b289.bundle.js:2
_innerSub @ main.49c677484d95e163b289.bundle.js:2
_tryNext @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
notifyNext @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
(anonymous) @ main.49c677484d95e163b289.bundle.js:2
_trySubscribe @ main.49c677484d95e163b289.bundle.js:2
subscribe @ main.49c677484d95e163b289.bundle.js:2
call @ main.49c677484d95e163b289.bundle.js:2
subscribe @ main.49c677484d95e163b289.bundle.js:2
o @ main.49c677484d95e163b289.bundle.js:2
_innerSub @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
notifyNext @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
notifyNext @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
_next @ main.49c677484d95e163b289.bundle.js:2
next @ main.49c677484d95e163b289.bundle.js:2
(anonymous) @ main.49c677484d95e163b289.bundle.js:2
_trySubscribe @ main.49c677484d95e163b289.bundle.js:2
subscribe @ main.49c677484d95e163b289.bundle.js:2
call @ main.49c677484d95e163b289.bundle.js:2
Promise.then (async)
b @ main.49c677484d95e163b289.bundle.js:2
e.scheduleTask @ main.49c677484d95e163b289.bundle.js:2
onScheduleTask @ main.49c677484d95e163b289.bundle.js:2
e.scheduleTask @ main.49c677484d95e163b289.bundle.js:2
t.scheduleTask @ main.49c677484d95e163b289.bundle.js:2
t.scheduleMicroTask @ main.49c677484d95e163b289.bundle.js:2
I @ main.49c677484d95e163b289.bundle.js:2
x @ main.49c677484d95e163b289.bundle.js:2
(anonymous) @ main.49c677484d95e163b289.bundle.js:2
t @ main.49c677484d95e163b289.bundle.js:2
(anonymous) @ 14.49c677484d95e163b289.chunk.js:1
Show 170 more frames
main.49c677484d95e163b289.bundle.js:2 ERROR Error: Uncaught (in promise): Event: {"isTrusted":true}
    at x (main.49c677484d95e163b289.bundle.js:2)
    at x (main.49c677484d95e163b289.bundle.js:2)
    at main.49c677484d95e163b289.bundle.js:2
    at e.invokeTask (main.49c677484d95e163b289.bundle.js:2)
    at Object.onInvokeTask (main.49c677484d95e163b289.bundle.js:2)
    at e.invokeTask (main.49c677484d95e163b289.bundle.js:2)
    at t.runTask (main.49c677484d95e163b289.bundle.js:2)
    at y (main.49c677484d95e163b289.bundle.js:2)
    at t.invokeTask [as invoke] (main.49c677484d95e163b289.bundle.js:2)
    at u (main.49c677484d95e163b289.bundle.js:2)

Algo ?

Algo nesse sentido ?

@Lucas_Camara pode me ajudar neste também

Na verdade o que entendo que é mais configuração do sistema acessar estes sites que os navegadores estão barrando.

este https://fonts.googleapis.com/css?family=Poppins:300,400,500,600,700 e o do google mapas (https://maps.googleapis.com/maps/api/js)

Pelo que li, de acordo com esse link. Você deve adicionar uma regra CSP para que os scripts funcionem:

<meta http-equiv="Content-Security-Policy" content="script-src 'self' https://maps.googleapis.com https://maps.gstatic.com; object-src 'self'">

Já feito isso. Mas deu este erro em anexo.

Este_erro.png1924×992 123 KB

Tenta assim:

<meta http-equiv="Content-Security-Policy" content="default-src 'self' https://maps.googleapis.com https://maps.gstatic.com 'unsafe-inline' 'unsafe-eval';" />

Erro.

No caso o projeto é com jhipster

erro.png1923×906 118 KB

No caso o projeto é com jhipster. Spring com Angular 9

A questão é que vc tem que montar a tag meta para o http-equiv=“Content-Security-Policy” com as configurações para permitir execução de scripts de outra origem no atributo content. Com isso é preciso entender como esse CSP funciona (conforme links que passei). Eu não manjo muito disso, tanto que os exemplos que mandei foi com base numa rápida leitura que fiz na documentação.

Entendi isso também. Então estou no caminho certo.

Mas estranho que tudo que vejo como solução não funciona.

Até tentei dá uma lida melhor para tentar entender e montar, mas não entendi 100% e estou meio apertado no trampo. Qdo tiver um tempinho mais suave, vou ler a doc com mais calma.

O que mais vc tentou?

Quase tudo de pesquisa relacionada a este assunto.
Foi tanta coisa que nem lembro mais.

Pesquisada no google

@Lucas_Camara, neste link https://stackoverflow.com/questions/33984908/google-fonts-violates-content-security-policy, eles falam em:

Authorize https://fonts.googleapis.com in style-src directive and https://fonts.gstatic.com in font-src directive: `“style-src ‘self’ https://fonts.googleapis.com; font-src ‘self’ https://fonts.gstatic.com”

Ai coloquei assim:

<link href="https://fonts.googleapis.com/css?family=Roboto:300,400,500&display=swap" rel="stylesheet" />

<link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet" />

<meta http-equiv="Content-Security-Policy" content="style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com;" />

E perdeu tudo. Muito estranho

erro.png1924×906 113 KB

Tem esta página também: https://developers.google.com/web/fundamentals/security/csp?hl=pt-br

Coloquei todos que ele fala em Política aplicável a diversos recursos, mas nada.

Acho que tu tem que colocar um 'unsafe-line' após a url:

<meta http-equiv="Content-Security-Policy" content="style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; 'unsafe-inline'" />

Continua dando erro no console.

Quando acesso por: http://localhost:9000/#/

9000.png1924×763 72 KB

Quando acesso por: http://localhost:8080/#/

8080.png1887×794 79.3 KB

No servidor, é como dá o mesmo erro que na imagem 8080

<meta http-equiv="Content-Security-Policy" content="script-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline' 'unsafe-eval'">

Este funciona com localhost:9090, mas não com localhost:8080.

Porque está dando está diferença ?

Oxi, pela porta não deveria ter diferença não. Será que pode ser algum tipo de cache?

Já abri em todos os navegadores. com janela anonima ou não. Mas quando faço o build no servidor, ele não funciona e dá erro de permissão. Como o exemplo da porta 8080.

Como esses estilos estão sendo importados no projeto? Vou ver se consigo simular esse problema aqui.

<link href="https://fonts.googleapis.com/css?family=Roboto:300,400,500&display=swap" rel="stylesheet" />
<link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet" />

Mas teria que ser com o jhipster

Tudo bem que tem que ter segurança, mas tudo que faço não está adiantando.

Dentro do public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

http.csrf().disable().addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class)
				.exceptionHandling().authenticationEntryPoint(problemSupport).accessDeniedHandler(problemSupport).and()
				.headers()
				.contentSecurityPolicy(
						"default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:")
				.and().referrerPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN).and()
				.featurePolicy(
						"geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'")
				.and().frameOptions().deny().and().sessionManagement()
				.sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests()

Ai tirei esta parte e funcionou:

.contentSecurityPolicy(
						"default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:")
				.and()

Só que fica chamando esta parte de tempo em tempo.

http://localhost:9060/sockjs-node/info?t=1593652208370

Atrapalho a segurança ou algo parecido ?

Em termos de segurança, esse contentSecurityPolicy é para evitar ataques de Cross Site Scripting. O que vc pode tentar é, em vez de tirar essa linha, alterar com as devidas permissões. Pois estava tentando adicionar isso numa tag meta no html. Acredito que vc teria que adicionar a url https://fonts.googleapis.com nessa configuração do web security, assim:

"default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' data:"

Tentei, mas adivinha. kkkkk não funcionou,

Mas vou tentar com este que vc passou

Pelo que entendi, a sintaxe é algo assim:

"<<tipo-do-recurso>> '<<diretiva>>'; <<tipo-do-recurso>> '<<diretiva>>'; ...''

• O tipo do recurso diz se é um script, um estilo, uma fonte, etc. E esse default-src é um fallback caso não encaixe em nenhum outro declarado (li isso na documentação);
• Já a diretiva, diz como será permitido ler o recurso utilizado. Como exemplo, um script carregado via eval. E ainda definir de qual host o recurso está vindo.

Então este exemplo funcionaria ?