Stub out @protobufjs/inquire to avoid unsafe-eval violation in CSP

oasisprotocol · Nov 27, 2023 · ce76953 · ce76953
1 parent e0826e6
commit ce76953
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 1 deletion.
diff --git a/docs/release-process.md b/docs/release-process.md
@@ -12,7 +12,7 @@ Production:
 
 - ensure <https://wallet.stg.oasis.io/> works
   - especially features related to changes
-  - look at CSP errors (expect one error: blocked `eval` in `inquire`)
+  - look at CSP errors
 - see the footer for what commit is deployed
 - update `stable` branch to that commit
 - `yarn install --frozen-lockfile && yarn build`

diff --git a/package.json b/package.json
@@ -167,6 +167,7 @@
   "//": "Parcel doesn't support subpath patterns #7840. We need an alias for @ledgerhq/devices",
   "alias": {
     "@ledgerhq/devices": "@ledgerhq/devices/lib-es",
+    "@protobufjs/inquire": "./src/utils/@protobufjs/inquire.js",
     "locales": "./src/locales",
     "utils": "./src/utils",
     "app": "./src/app",

diff --git a/src/utils/@protobufjs/inquire.js b/src/utils/@protobufjs/inquire.js
@@ -0,0 +1,4 @@
+// We intend to run in browsers, which don't support runtime `require`.
+// https://github.com/protobufjs/protobuf.js/pull/1548/files#r588874248
+// Stub this out to prevent CSP spam.
+module.exports = () => null;