search

MiroHibler / meteor-preloader

A Meteor "lazy-loader" for external .js and .css libraries
75 stars 3 forks source link

Conflict with Meteor default browser-policy #25

Open dbismut opened 9 years ago

dbismut commented 9 years ago

The default policy of the browser-policy package disallows eval(), therefore async or sync options generate the following error:

"Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'"

In order to preload a script with meteor-preloader, if you use browser-policy, then you need to add BrowserPolicy.content.allowEval() to your server code.

MiroHibler commented 8 years ago

Thanks! I may add it as an option.