CSP violation in Firefox due to eval()
See original GitHub issueHi,
we’re using CSP and therefore using eval()
is forbidden.
airbrake-js
is using eval
4 times, so Firefox throws an error with call to eval() or related function blocked by CSP
. I’m not sure why the other browsers don’t throw an error though.
Any chance to fix this?
Thanks!
Issue Analytics
- State:
- Created 5 years ago
- Reactions:6
- Comments:8 (4 by maintainers)
Top Results From Across the Web
CSP: script-src - HTTP - MDN Web Docs - Mozilla
The 'wasm-unsafe-eval' source expression controls WebAssembly execution. If a page has a CSP header and 'wasm-unsafe-eval' isn't specified in ...
Read more >Firefox add-on needs 'unsafe-eval' in CSP header #471 - GitHub
The Firefox version is not able to detect Ember application if the server sends the Content Security Policy header without 'unsafe-eval' in ...
Read more >CSP: How to allow unsafe-eval for a given URI prefix (Firefox)
For example, the script-src supports unsafe-eval which means that any script that is otherwise allowed to execute is allowed to run eval() ......
Read more >Content-Security-Policy Header CSP Reference & Examples
Content Security Policy (CSP) ... Try our CSP Browser Test to test your browser. ... Allows unsafe dynamic code evaluation such as JavaScript...
Read more >Content security policy - web.dev
Learn what directives are available. Learn the keywords they take. Inline code and eval() are considered harmful. Report policy violations to ...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
FYI, this seems to have broken our build. When using 1.4.0, we receive the following when building our app with webpack:
In case it helps, we’re using webpack 3.11.0.
How do you import
airbrake-js
?