Open dracos opened 8 years ago
A Content-Security-Policy header (without unsafe-eval) will block any use of new Function, even one that's empty. I think the offending line at https://github.com/openlayers/ol2/blob/75716beaacc01955f05708c03438b588fc8db55d/lib/OpenLayers/Request/XMLHttpRequest.js#L391 can be safely set to null instead.
A Content-Security-Policy header (without unsafe-eval) will block any use of new Function, even one that's empty. I think the offending line at https://github.com/openlayers/ol2/blob/75716beaacc01955f05708c03438b588fc8db55d/lib/OpenLayers/Request/XMLHttpRequest.js#L391 can be safely set to null instead.