Be sure to load the Google One Tap client library on any page a user might sign in on. Use the following code snippet:
<script src="https://accounts.google.com/gsi/client" async defer></script>
You can optimize your page's loading speed by loading the script with the
defer boolean attributes.
Change the Content Security Policy
Before the Google iframe loads, the new library sends an XmlHttpRequest (XHR) to the Google frontend to check whether display conditions are met or not.
If you have Content Security Policy enabled in your page, you need to add
accounts.google.com to an allowlist in your Content Security Policy to allow
The following code snippet is an example for the
content-security-policy: connect-src 'self' accounts.google.com