Open krhougs opened 1 year ago
I'm creating an extension and having the same problem. Defining "wasm-unsafe-eval" in my Manifest.v2 fixes my problem, but not in Manifest.v3 because of the security changes. So it's only a temporary solution.
@jacogr
I am trying to sign payloads within a Cloudflare Worker. The runtime refuses loading the wasm bytes in memory since the CSP policy
wasm-unsafe-eval
is not allowed in the runtime. After some research, I found that this affects multiple scenarios:wasm-unsafe-eval
explicitlywasm-unsafe-eval
explicitlyI appreciate the current dynamic façon to keep the bundle tiny in size, but it won't work in some secure environments.
Some reading: https://github.com/WebAssembly/content-security-policy/blob/main/proposals/CSP.md
Expected: the library should load Current:
FATAL: Unable to initialize @polkadot/wasm-crypto:: WebAssembly.instantiate(): Wasm code generation disallowed by embedder
This happens in ANY Environment where
wasm-unsafe-eval
is not allowedEnvironment: