New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

use with wasm-bindgen triggers CSP error #91

Closed

evq opened this issue Aug 17, 2019 · 1 comment · Fixed by #92

Contributor

evq commented Aug 17, 2019

Due to let this = Function::new("return this").call(&JsValue::undefined()); I'm currently seeing an error using a sensible CSP:

EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'wasm-eval'".

js_sys uses a more involved method to fetch the global object that eventually falls back to the unsafe version.
https://rustwasm.github.io/wasm-bindgen/api/src/js_sys/lib.rs.html#4450-4523

Can either js_sys be added as a dependency or this logic (or a subset) be reproduced here?

The text was updated successfully, but these errors were encountered:

Member

josephlr commented Aug 17, 2019

Good find @evq I’m working on a patch to fix this for the bindgen target. I think we should be using js_sys at the very least.

evq mentioned this issue

Fix CSP error for wasm bindgen #92

Merged

newpavlov closed this as completed in #92

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment