Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Content Security Policy - "unsafe-eval" #567

Open
AllaZhbanova opened this issue Dec 20, 2021 · 1 comment
Open

Content Security Policy - "unsafe-eval" #567

AllaZhbanova opened this issue Dec 20, 2021 · 1 comment
Assignees

Comments

@AllaZhbanova
Copy link
Collaborator

Steps to Reproduce
Add a CSP (in your html entry file) that doesn't allow for "unsafe-eval"

Expected behavior
Not throw a CSP error

Actual behavior
Throws a CSP error

Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script
Additional context
I've tracked this down to ketcher-standalone/src/generate/libindigo.js line 1230. Specifically new Function will cause this.

Don't have enough context to make a change to this but essentially new Function should go away otherwise CSP won't let it run.

@even1024
Copy link
Collaborator

even1024 commented Apr 4, 2022

The problem seems to be common for WASM.

WebAssembly/content-security-policy#7

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants