CSP (Content Security Policy) rules are blocking react-virtualized execution
See original GitHub issueHi!
When CSP rules are enforced by the server, react-virtualized is blocked because of the use of eval
by the interval-tree-1d dependency, and its own dep binary-search-bounds. This issue may impact a larger and larger number of users in the future. I understand this dependency is used for performance reasons, and I’m afraid I haven’t any replacement solution for this, but I wanted to discuss the issue with you, and see if we could manage to find a solution. Any thoughts?
Issue Analytics
- State:
- Created 6 years ago
- Comments:8 (7 by maintainers)
Top Results From Across the Web
Content Security Policy - OWASP Cheat Sheet Series
Basic CSP Policy This policy prevents cross-site framing and cross-site form-submissions. It will only allow resources from the originating domain for all the ......
Read more >React Content Security Policy Guide - StackHawk
In this post, we're going to cover content security policy, or CSP, in React. First we'll have a brief overview of CSP—what is...
Read more >Everything You Need to Know About Content Security Policy ...
A primary goal of CSP is to mitigate and report XSS attacks. XSS attacks exploit the browser's trust of the content received from...
Read more >ContentSecurityPolicy Preventing fetch request in Electron
Refused to connect to '<API_URL>' because it violates the document's Content Security Policy. The code I am using to make the request is...
Read more >How To Secure Your Django Application with a Content ...
Now that your project supports CSPs, it is ready to be security hardened. To achieve that, you'll configure the project to add CSP...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
In the meanwhile, unless you’re using the
Masonry
component, you don’t actually need or use this dependency. If your build system is pulling it in- you can work around this using a deep import.This will also likely help with your bundle size slightly.
I’ve been meaning to write up a section of the docs about this.
9.6.0 release just went out with this.