You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, I'm trying to add crate to my site and CSP is blocking the script because it uses eval()
It will be nice if you can remove eval() from the script.
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive
I am still having CSP issue with the introduction of a style tag.
crate.js:formatted:13642
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='), or a nonce ('nonce-...') is required to enable inline execution.
Can you please suggest a way to avoid this (other than unsafe-inline). Or do you need to refactor code or introduce a new CSP policy?
Hi, I'm trying to add crate to my site and CSP is blocking the script because it uses eval()
It will be nice if you can remove eval() from the script.
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive
eval() - JavaScript MDN
The text was updated successfully, but these errors were encountered: