CSP Violation for dependency Restructure/src/Pointer.js:line 229

[djaffer]

I am not able to use strict CSP without unsafe-eval. Can you please fix the dependency being used?

[jeetiss]

@diegomura maybe it's time to update Restructure? I can setup babel for transpiling this package to es5, as I understand only this blocks for update!

[diegomura]

That sounds good! I'm not familiarized with what's needed. Seems you have a clearer idea so I'll trust you 😄

[djaffer]

any update on this please @diegomura @jeetiss

[jeetiss]

@djaffer my plan doesn't help with CSP because @react-pdf has another eval in @react-pdf/yoga and it's not so easy to fix eval in it. you can read more at #510

P.S I'm still planning to upgrade Restructure to the latest version because it doesn't use an obsolete buffer constructor. I will do it when PR #1609 is merged

[twistedpair]

Looks like #1609 has been successfully merged. Any movement on addressing these CSP blocking issues? Thanks.

[seanquinn]

+1 on this

[jacek-seliga-fat-ninja]

+1 on this @diegomura

[maelgff]

+1 on this 🙏

[Serbiaguy96]

+1 on this 🙏

[djaffer]

Is this fixed merged to recent release?

[jepek]

Hi @diegomura,

Same question from me - has version bump up for reconstruct package in the fontkit already been released?

Without it, I have a problem with the CSP strict rules and I cannot use your great package in production.

Thank you for your work!