Security: flex-objects.js blocked because 'unsafe-eval'

[sebastianbaumann]

Hey guys,

we are running into an issue lately. We are developing a Grav website right now, which is more secured than any standard page. Due to our security policy we're getting following error, which prevents loading the pages panel in admin.

Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the flex-objects.js:522

Any workaround/solution for this?
Thanks!

[mahagr]

@w00fz Can you please check out why there's an eval in js?

[w00fz]

That's how it gets minified by the UglifyJsPlugin in webpack when transpiling for production. I have to explore if there's other methods to get it minified without eval.

If you want to take a look and propose a PR that would be appreciated!

https://github.com/trilbymedia/grav-plugin-flex-objects/blob/develop/package.json#L9
https://github.com/trilbymedia/grav-plugin-flex-objects/blob/develop/webpack.conf.js#L21

[bastian42]

Hello,
I am also interested in this and would be pleased to receive a solution.
Many thanks and best regards