Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Content Security Policy - "unsafe-eval" #567

Open
AllaZhbanova opened this issue Dec 20, 2021 · 1 comment
Open

Content Security Policy - "unsafe-eval" #567

AllaZhbanova opened this issue Dec 20, 2021 · 1 comment
Assignees
@mkviatkovskii

Comments

@AllaZhbanova
Copy link
Collaborator

Steps to Reproduce
Add a CSP (in your html entry file) that doesn't allow for "unsafe-eval"

Expected behavior
Not throw a CSP error

Actual behavior
Throws a CSP error

Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script
Additional context
I've tracked this down to ketcher-standalone/src/generate/libindigo.js line 1230. Specifically new Function will cause this.

Don't have enough context to make a change to this but essentially new Function should go away otherwise CSP won't let it run.
@AllaZhbanova AllaZhbanova mentioned this issue Dec 20, 2021
Open
@BarneyLabstep BarneyLabstep mentioned this issue Mar 29, 2022
Closed
@even1024
Copy link
Collaborator

even1024 commented Apr 4, 2022

The problem seems to be common for WASM.

WebAssembly/content-security-policy#7

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mkviatkovskii mkviatkovskii

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mkviatkovskii @even1024 @AllaZhbanova