Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed

awslabs / aws-lex-browser-audio-capture

An example web application using the Lex JavaScript SDK to send and receive audio from the Lex PostContent API. Demonstrates how to capture an audio device, record audio, and convert the audio into a format that Lex will recognize, and play the response. All from a web browser.

MIT No Attribution

165 stars 75 forks source link

Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed #11

Closed Raulkg closed 5 years ago

Raulkg commented 6 years ago

Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'.

My CSP doesn't allow script evaluation. how can we make this covered considering XSS attacks for this library.?

glmourad commented 5 years ago

Could you edit the CSP values? In my case I appended worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com blob:; to my csp policy