Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Avoid using eval
See original GitHub issueIs your feature request related to a problem? Please describe 🙏
I am adding a Content Security Policy to a new website that’s (happily) using instantsearch.js. I noticed that in order for search to keep working with our CSP, we have to make some exceptions:
{
directives: {
defaultSrc: ["'none'"],
connectSrc: [
'*.algolia.net',
'*.algolianet.com'
],
scriptSrc: [
"'self'",
"'unsafe-eval'" // exception for Algolia instantsearch.js
],
styleSrc: [
"'self'",
"'unsafe-inline'"// exception for Algolia instantsearch.js
]
}
}
Describe the solution you’d like 🤔
I would like to disallow unsafe-eval for scripts and unsafe-inline for styles in my CSP and continue using instantsearch.js
Apologies, but I have not yet looked into the specific code in this library that using eval or similar. Just opening this as a tracking issue and to hopefully get a conversation started. Thanks!
Issue Analytics
- State:
- Created 5 years ago
- Comments:10 (10 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Sounds good @Haroenv, thanks for following up.
Haven’t tried it yet (not a top priority) but I will report back soon.