Open fcano-ut opened 2 months ago
Stale issue message
If anyone is interested in a workaround, we were able to bypass this issue by using patch-package to update code in runtimePlugin.js
From this:
const gs = new Function('return globalThis')();
to this:
let gs;
try{
gs = new Function('return globalThis')();
} catch(e) {
gs = window;
}
Describe the bug
The Nextjs plugin doesn't work if the "unsafe-eval" CSP header is not defined, which means the host apps are forced to use unsecure CSP settings or else they won't load.
Due to similar issues being raised in the past and fixed, I believe there is intention to support secure CSP headers in this project.
Some research
When running the app, this is the line that makes the script fail due to "unsafe-eval" not being present:
Seems to be related to this line executing: https://github.com/module-federation/core/blob/e38e48d1a5e0a7d22eb46843b0763469f3572a98/packages/nextjs-mf/src/plugins/container/runtimePlugin.ts#L72
Reproduction
https://github.com/fcano-ut/module-federation-reproduction-example-2497/pull/1
Used Package Manager
pnpm
System Info
Validations