Unsafe-eval violation

[FelixGirard]

Hello,

We are using your package and found that you are using eval() which is not allowed by our Content-Security-Policy. Please look at this documentation for more information on unsafe-eval.

Thanks!

[josdejong]

The support for offloading functions dynamically requires serializing a function, sending it to the worker, and then deserializing it again. This last step requires creating a new function on the fly via new Function(...), which indeed can trigger such a content security policy.

"Fixing" this would require throwing away this core feature. Or maybe creating a special edition of the library with this feature stripped. I have the feeling that we should not go that direction, I think it would make the library more complex and confusing to use and maintain. It may make more sense to look for an alternative library?

[FelixGirard]

Thank you for your answer!

We don't use that feature, but I understand your point. We will look at other library or forking this one and removing the feature :)