Hello,

We are using your package and found that you are using eval() which is not allowed by our Content-Security-Policy.
Please look at this documentation for more information on unsafe-eval.

Thanks!

The support for offloading functions dynamically requires serializing a function, sending it to the worker, and then deserializing it again. This last step requires creating a new function on the fly via new Function(...), which indeed can trigger such a content security policy.

"Fixing" this would require throwing away this core feature. Or maybe creating a special edition of the library with this feature stripped. I have the feeling that we should not go that direction, I think it would make the library more complex and confusing to use and maintain. It may make more sense to look for an alternative library?

Thank you for your answer!

We don't use that feature, but I understand your point. We will look at other library or forking this one and removing the feature :)