'unsafe-eval' is not an allowed source of script

Question

'unsafe-eval' is not an allowed source of script

dutu opened this issue 8 years ago · comments

I'm trying to use webix in a Meteor application deployed on Heroku.
Following error is triggered (and nothing displayed in the browser)

Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'"

Note I have renamed : webix.js to _webix.js

dutu commented 7 years ago

Thanks!

Phil Andrew · Answer 1 · Thu Jan 12 2017 21:08:03 GMT+0800 (China Standard Time)

Did you solve this?

dutu · Answer 2 · Tue Jan 24 2017 04:12:57 GMT+0800 (China Standard Time)

@PhilAndrew issue is not resolved, but to work around the error I have used
BrowserPolicy.content.allowEval(); in my Meteor app

Hanna · Answer 3 · Wed Mar 01 2017 20:04:09 GMT+0800 (China Standard Time)

You can set "webix.env.strict" to true. This ahould solve the problem with 'unsafe-eval'