How to enable CSP(Content Security Policy) in SSR mode

[fengjac]

I try to enable CSP in production environment.

/src-ssr/server.ts
export const create = ssrCreate((/* { ... } */) => {
  ...
  if (process.env.PROD) {
    // add for security reasons
    app.use(helmet({ contentSecurityPolicy: true }))
  }
  ...
  return app
})

But it was failed to run in browser and reported errors in browser console like this:

Is anybody could give me a hand? Thanks a lot!

[rstoenescu]

Edit your /index.html (or /src/index.template.html) and add the necessary meta tag. Or use Quasar's Meta plugin to add it dynamically. There's a number of ways this can be done.

[yusufkandemir]

Check the contents of the said file and search for any traces of eval(...). I would recommend building with --debug flag to make it easier. After you find it, you will have to replace the related library to satisfy the CSP.