Stack Overflow
Stack Overflow

Questions tagged [unsafe-eval]

17 questions
2
votes
0 answers

Uncaught EvalError: 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'"

I am creating a chrome extension in Manifest V3 because I realised that Chrome now disallows people from uploading extensions using Manifest V2. I made some changes and this is what my manifest.json looks like now. { "manifest_version": 3, …
YU XI ONG
  • 59
  • 5
2
votes
0 answers

WebView Content Security Policy exception in Google console firebase robo test

Google console in tests via Firebase Robo test shows an exception. Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src…
Slava
  • 443
  • 4
  • 12
1
vote
0 answers

Ionic inAppBrowser executeScript gives "Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source"

Update 25/6/23: I went back to a previous version of my app and this works, so it's clearly something that I've changed in the last 6 months. Original: When I try to call executeScript on a Twitter page I've opened in Ionic's…
Jason Berwick
  • 11
  • 1
  • 3
1
vote
0 answers

In Webpack and/or NextJS, how to disable eval-source-maps due to CSP issues

I'm trying to set a restrictive CSP for a secure application, and my use case not not allow for 'unsafe-eval'. By default NextJS and Webpack use eval-source-maps that use eval() repeatedly, meaning this breaks my development environment. I…
AiDev
  • 1,214
  • 8
  • 11
1
vote
0 answers

Added 'unsafe-eval' in script-scr on the CSP still saying it is not there

I have tried everything this is my last resort.I put unsafe-eval in script-scr but nothing happens.
zoty2
  • 11
  • 1
1
vote
1 answer

script-loader alternative for webpack?

When bundling web app using webpack, i need to register some 3rd party scripts into global(i.e. window) namespace, script-loader seems designed for this Webpack - How to load non module scripts into global scope | window. However, there is a big…
Allen
  • 4,431
  • 2
  • 27
  • 39
1
vote
0 answers

An API we are using requires 'unsafe-eval' 'unsafe-inline', can we restrict script origin with CSP without further compromising security?

We have a hard dependency on an javascript API that requires 'unsafe-inline' 'unsafe-eval' if used in a CSP. If we add a CSP header with the values below can we improve our security posture by limiting whitelisting the origins of where the scripts…
CLJ
  • 1,907
  • 5
  • 22
  • 36
0
votes
1 answer

How to use aframe.js with Content Security Policy on WebServer

For security reasons, Content Security Policy is mandatory on our Internet Information Server. For this purpose, a response header was stored in IIS as follows, which must not be changed: Name: Content Security Policy Value: default-src 'none';…
Jörg Meyer
  • 1
0
votes
0 answers

"content_security_policy": "script-src 'self' 'unsafe-eval' https://ssl.google-analytics.com https://www.google-analytics.com https://connect.facebo

Please help! I Googled this error message and it brought me here. Im not a programer developer anything. Should I just throw this laptop out? thanks for any help I googled the error code it brought me here.
eb nolan
  • 1
  • 1
0
votes
0 answers

Getting Eval error in console after removing unsafe eval headers from application

I tried this Specifying only no-unsafe-eval tells AngularJS that we must not use eval, but that we can inject inline styles. E.g. . Specifying only no-inline-style tells AngularJS that we must not inject styles, but…
YusafShayk
  • 1
0
votes
0 answers

how to prevent the use of 'unsafe-eval' to CSP (Content Security Policy) becuase of prizmDoc viewer-asset underscore.min.js file (..new function..)

I have integrated the prizmDoc to our angular application and working perfectly in my local env. But in our STG I got an error saying 'unsafe-eval' is not allowed. According to prizmDoc v13.22 updated documentation, we must allow "script-src…
Jake James
  • 1
  • 2
0
votes
0 answers

getting error on bsModel.hide() in ngOnDestroy while removing unsafe-eval from meta tag

I am using Angular 10 application . Due to the CSP issue, I need to remove unsafe-eval from script-src, now the issue appearing all the ngOnDestroy() having ngx bootstrap modal hide() and I am having issue on following code: ngOnDestroy(): void { …
Himanshu Rastogi
  • 49
  • 9
0
votes
1 answer

Content Security Policy - unsafe eval error. Allowing a specific node_module file : node_modules/aurelia-webpack-plugin/runtime/empty-entry.js

I want to enforce CSP as a security measure in my web application. From the server end , I have set the policy to "allow" self for all of its resources. However there is one particular front end node_module file , which is throwing error as attached…
vidhi
  • 3
  • 3
0
votes
1 answer

Angular: Refused to evaluate a string as JavaScript because 'unsafe-eval'

In my application a blob fetched by means of a API-call is passed on to a custom npm-package that will show the blob on the screen (it’s an image). Locally it works! Only not on the development server. Refused to evaluate a string as JavaScript…
Woefie
  • 9
  • 2
0
votes
1 answer

APIDoc with NodeJS: EvalError while serving documentation page

I'm using APIDoc to generate API documentation of my NodeJS app. I'm facing problem while serving generated index.html page: Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in…
Qamar Zaman
  • 1
1
2