The default policy of the browser-policy package disallows eval(), therefore async or sync options generate the following error:
"Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'"
In order to preload a script with meteor-preloader, if you use browser-policy, then you need to add BrowserPolicy.content.allowEval() to your server code.
The default policy of the browser-policy package disallows
eval()
, thereforeasync
orsync
options generate the following error:"Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'"
In order to preload a script with
meteor-preloader
, if you usebrowser-policy
, then you need to addBrowserPolicy.content.allowEval()
to your server code.