Bundle contains calls to Function() which are "unsafe-eval" (CSP)

flowjs / flow.js

A JavaScript library providing multiple simultaneous, stable, fault-tolerant and resumable/restartable file uploads via the HTML5 File API.

Other

2.96k stars 346 forks source link

Open drzraf opened 3 years ago

drzraf commented 3 years ago

Content Security Policy (CSP) might block 'unsafe-eval' which includes eval(), Function(), setTimeout() and setInterval()

One such occurrence comes from regenerator-runtime provided by Babel. This was somehow fixed by https://github.com/facebook/regenerator/pull/346 and subsequently but Babel:

Neither updated the dependency
Neither merged a commit intended to make regenerator-runtime inclusion optional (https://github.com/babel/babel/pull/10768)

drzraf commented 3 years ago

/edit I intended to post below #346

AidasK commented 3 years ago

Sure, you can refactor it differently, sounds good