Fall back to window as globalObj if a CSP is in place.

[moritzuehling]

Function("return this")() throws an exception if eval is disabled via a content security policy. This means that this module could not be used in places where it is, such as chrome extension or on the Twitch platform - instead it broke the whole application.

This should fix this problem, and fall back to the window variable in those places, which should cover all common browsers.

[solkimicreb]

Thanks for that catch and fix!

This could cause Uncaught ReferenceError: window is not defined on platforms where window is not defined (Node, Workers, React Native, etc) Could you change it to

const globalObj = typeof window === 'object' ? window : Function('return this')();

I think that combines the best of both worlds.

[solkimicreb]

There is an official polyfill for the new standard globalThis btw, which suffers from the same issue. Maybe you could open an issue there too, if you are interested.

[moritzuehling]

I've updated the branch.

The reason why I'd written it this way was to be as compatible as possible with your old code. It would only fall back to window as a default if the eval-code wasn't working.

I'm not sure how I didn't catch the undefined problem - I'll blame my frustration for it. At this point I'd searched for over three hours which one of my dependencies dared to emit that eval. Modern build systems don't make this easy :D

[solkimicreb]

Thanks! I will release a patch today with the fix.

[solkimicreb]

v4.2.2 is out with your fix. Thanks for your contribution! (Are you using this package directly or through easy state?)

[moritzuehling]

I'm using it through easy-state.