Content Security Policy issues

Describe the bug The current code (Nextcloud Hub 8 29.0.2) triggers CSP errors "EvalError: call to eval() blocked by CSP".

Each of those errors indicates that some JavaScript code was blocked, that means not processed.

I noticed those errors while I tried to find out why no images were shown for unsigned faces (https://[...]/apps/photos/faces/unassigned), but it looks like CSP errors are throwns on any page which is part of photos.

To Reproduce Steps to reproduce the behavior:

Open https://[...]/apps/photos/ in recent Firefox
Activate tools for web developers in Firefox
Inspect console in tools for web developers
See error

Expected behavior There should not be any CSP errors.

Desktop (please complete the following information):

OS: macOS 14.5 (23F79)
Browser Firefox 126.0

Browser log

EvalError: call to eval() blocked by CSP
    o moz-extension://ed062d15-4363-4797-8a7e-d72941f610cd/build/detector.js:1
    <anonym> moz-extension://ed062d15-4363-4797-8a7e-d72941f610cd/build/detector.js:1
    <anonym> moz-extension://ed062d15-4363-4797-8a7e-d72941f610cd/build/detector.js:1
    <anonym> moz-extension://ed062d15-4363-4797-8a7e-d72941f610cd/build/detector.js:1
    inject resource://gre/modules/ExtensionContent.sys.mjs:573
    InterpretGeneratorResume self-hosted:1412
    AsyncFunctionNext self-hosted:799

nextcloud / photos

Content Security Policy issues #2498