From 8aeea1dc04566d35bdca9d574c975f99fed0d51e Mon Sep 17 00:00:00 2001 From: maudnals Date: Thu, 23 Dec 2021 09:29:04 +0100 Subject: [PATCH] Enabled unsafe eval --- src/static-build/utils.tsx | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/static-build/utils.tsx b/src/static-build/utils.tsx index bd0d0bee..31763dd9 100644 --- a/src/static-build/utils.tsx +++ b/src/static-build/utils.tsx @@ -35,7 +35,9 @@ function addCspAsMetaTag(htmlString: string) { // Hash inline scripts from this html file, if there are any const scriptHashes = s.hashAllInlineScripts(); // Generate a strict CSP as a string - const strictCsp = StrictCsp.getStrictCsp(scriptHashes, false, true); + // enableTrustedTypes: false, enableBrowserFallbacks: true + // enableUnsafeEval: true, to accomodate for uses of eval by emscripten. Enabling eval makes the CSP a bit less secure + const strictCsp = StrictCsp.getStrictCsp(scriptHashes, false, true, true); // Set this CSP via a meta tag s.addMetaTag(strictCsp); const htmlStringWithCsp = s.serializeDom();