Tuesday, May 21, 2024
Homepage · html
 Popular · Latest · Hot · Upcoming
85
rated 0 times [  92] [ 7]  / answers: 1 / hits: 6023  / 2 Years ago, fri, may 27, 2022, 12:00:00

Error: Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".



The error only shows in other browser and not chrome. I found some answers and they say to add




<meta http-equiv=Content-Security-Policy content=font-src 'self' 'unsafe-inline' data:; img-src 'self' data:; style-src 'self' 'unsafe-inline' data:; script-src 'unsafe-eval' 'unsafe-inline' data:; default-src 'self' localhost:*>




Reference: Content Security Policy


And after adding the meta tag an error pops up on refresh of the browser including chrome.



Error: Refused to load the script '' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'unsafe-inline' data:". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.



Please help.


More From » html
 Answers
8

I found the answer.
The problem was with helmet node module.
When I remove the app.use(helmet()) from my backend, The problem goes away.


If you're also having this error, I replaced the app.use(helmet()) with app.use(
helmet({
contentSecurityPolicy: false,
})
);


[#115] Friday, May 13, 2022, 2 Years  [reply] [flag answer]
Only authorized users can answer the question. Please sign in first, or register a free account.
pranavrorys
Add To Favorites
Follow
Total Points: 466
Total Questions: 87
Total Answers: 115
Location: Barbados
Member since Sun, Nov 27, 2022
2 Years ago
pranavrorys questions
Thu, Oct 28, 21, 00:00, 3 Years ago
Sat, May 30, 20, 00:00, 4 Years ago
Tue, Mar 3, 20, 00:00, 4 Years ago
Fri, Dec 20, 19, 00:00, 5 Years ago
Fri, Oct 11, 19, 00:00, 5 Years ago
View All
;