Ember-CLI and Google Maps

Published on Wednesday, November 19, 2014

This evening I started working on a project that I realize Ember is the perfect fit. The ability to create a custom data adapter to read from the Socrata Data Portal solves some issues for me and ember data makes that easy. So I did a little search on Ember Addons and found that there are several addons available. I picked ember-google-map since it seem to have the most features and appears very intuitve to use. Once I ran the npm command to install it, I ran ember serve and bam. I was hit with the following error:

Refused to apply inline style because it violates the following Content Security Policy
directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'),
or a nonce ('nonce-...') is required to enable inline execution.

After a little google-fu I discovered this github issue which lead me to this ember addon, ember-cli-content-security-policy. After adding the config section below, It resolved all 136 errors I was recieving in Chrome. It appears that this issue is only isolated to running the node express server for development. I guess I will find out soon enough.

ENV.contentSecurityPolicy = {
  'default-src': "'none'",
  // Allow scripts
  'script-src': "'self' 'unsafe-eval' http://*.googleapis.com http://maps.gstatic.com",
  'font-src': "'self' http://fonts.gstatic.com", // Allow fonts
  'connect-src': "'self' http://maps.gstatic.com", // Allow data (ajax/websocket)
  'img-src': "'self' http://*.googleapis.com http://maps.gstatic.com",
  // Allow inline styles and loaded CSS
  'style-src': "'self' 'unsafe-inline' http://fonts.googleapis.com http://maps.gstatic.com"
};

I hope this post is found useful by others. I have a few other ideas I want to try and I am sure this is going to manifest itself again.