Warning: This data is provided under the Google User Data Policy. Please review and comply with the policy. Failure to do so may result in project suspension or account suspension.

Load the One Tap client library

Be sure to load the Google One Tap client library on any page a user might sign in on. Use the following code snippet:

<script src="https://accounts.google.com/gsi/client" async defer></script>

You can optimize your page's loading speed by loading the script with the async and defer boolean attributes.

Change the Content Security Policy

Before the Google iframe loads, the new library sends an XmlHttpRequest (XHR) to the Google frontend to check whether display conditions are met or not.

If you have Content Security Policy enabled in your page, you need to add accounts.google.com to an allowlist in your Content Security Policy to allow the XHR.

The following code snippet is an example for the content-security-policy header:

content-security-policy: connect-src 'self' accounts.google.com