-
Notifications
You must be signed in to change notification settings - Fork 139
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CSP violations due to use of new Function() #258
Comments
Hmm, I didn't know |
Ah sorry - have updated to the actual issue (js-data/js-data-angular#242) |
My proposed fix is to add a flag that forces the library to not execute the code that raises the CSP violation warning. Is that sufficient? |
@nealedj Thoughts? |
Sorry @jmdobry - was going to give that a test today but haven't got round to it yet. The fix looks perfect though. |
Just to follow up - tested this and it works great. Thanks! |
It looks like
new Function()
is used hereIt appears to be handled within the
try/catch
but it still raises a CSP violation in the browser.It'd be most excellent if there was a setting where this could be disabled and the fallback behaviour was always used. I see that this was suggested in this issue.
Thanks!
The text was updated successfully, but these errors were encountered: