Refused to connect to 'https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
This error shows up in the JavaScript console:
https://github.com/umts/incidents/blob/master/config/initializers/content_security_policy.rb