Content-Security-Policy

[luciimon]

Describe the problem statement?

EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

at Function (<anonymous>)
at RxFormBuilder.createInstance (rxweb-reactive-form-validators.js:1248)
at RxFormBuilder.group (rxweb-reactive-form-validators.js:3669)
at new ChannelComponent (channel.component.ts:22)
at NodeInjectorFactory.ChannelComponent_Factory [as factory] (channel.component.ts:77)
at getNodeInjectable (core.js:5579)
at instantiateRootComponent (core.js:12354)
at createRootComponent (core.js:25376)
at ComponentFactory$1.create (core.js:32871)
at ViewContainerRef.createComponent (core.js:15150)
at resolvePromise (zone-evergreen.js:793)
at resolvePromise (zone-evergreen.js:752)
at zone-evergreen.js:854
at ZoneDelegate.invokeTask (zone-evergreen.js:400)
at Object.onInvokeTask (core.js:40170)
at ZoneDelegate.invokeTask (zone-evergreen.js:399)
at Zone.runTask (zone-evergreen.js:168)
at drainMicroTaskQueue (zone-evergreen.js:570)

Package version

@rxweb/1.9.7

[ajayojha]

@luciimon Can you please provide the sample link?

[luciimon]

https://github.com/luciimon/RxwebCspIssue

[ajayojha]

Thanks for providing this, Will update you once I check.

[ajayojha]

Hi @luciimon , I have identified areas where this fix will impact and this will take some time. I would suggest for now you can update csp in the index.html page to make this working for time being, I know it's not a good solution, but this is a temporary solution if you like 😄 . I will definitely resolve this issue in the 1.9.9 release.

[bolemeus]

Any updates on this? We're running into thesame issue now that we have to enforce these csp rules.

[gs-scooter]

We are also getting this issue when attempting to render rxweb controls with conditional validation expressions. We're more than 3 years into this issue without a fix. Please advise.