Handlebar widget in Apache Superset is not working when Content security policy is applied. This is because, handlebars.js scrip has Function.apply code which is not acceptable.
In version 4.7.7, this code is at line 4135 ('return Function.apply(this, params);')
If we set script-src to unsafe-eval, it works but unsafe-eval is not a recommended option for production system.
Is there a alternate way to handle this OR if there is any plan to resolve this in upcoming version
Handlebar widget in Apache Superset is not working when Content security policy is applied. This is because, handlebars.js scrip has Function.apply code which is not acceptable. In version 4.7.7, this code is at line 4135 ('return Function.apply(this, params);')
If we set script-src to unsafe-eval, it works but unsafe-eval is not a recommended option for production system.
Is there a alternate way to handle this OR if there is any plan to resolve this in upcoming version
Thanks!!