google maps api script does load due to content security policy
I had a same issue and solved by replacing API URL from http to https version.
In HTML From:
<script type='text/javascript' src='http://maps.google.com/maps/api/js?v=3.3&sensor=false'></script>
To:
<script type='text/javascript' src='https://maps-api-ssl.google.com/maps/api/js?v=3.3&sensor=false'></script>
Then added https://maps-api-ssl.google.com to CPS in manifest.json
I don't know if you still need this info. But I was googling and spend some time but couldn't find a direct answer, so I wrote here to hope if it helps anyone.
I think the problem here is that you have not correctly set the content security policy for Google Maps URL. You should change your "content_security_policy" in manifest file to something like this:
"content_security_policy": "script-src 'self' https://maps.googleapis.com https://maps.gstatic.com; object-src 'self'"
This simply means that you are allowing to run script from the self/current page, and from the "https://maps.googleapis.com".
Try this, and see if it helps.