Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error: Formio Form is not rendering when CSP header restrict unsafe-eval in script-src policy #5971

Open
expertprincekumar opened this issue Jan 6, 2025 · 0 comments
Open

Error: Formio Form is not rendering when CSP header restrict unsafe-eval in script-src policy #5971

expertprincekumar opened this issue Jan 6, 2025 · 0 comments

Comments

@expertprincekumar
Copy link 

          Error:
Screenshot 2025-01-06 at 7 58 34 PM

We are encountering issues rendering our form when implementing Content Security Policy (CSP) without unsafe-eval. As per our security guidelines, we are required to remove the unsafe-eval directive from the script-src policy.

Issue Details
When unsafe-eval is removed from the CSP, the form fails to render correctly. This appears to be related to the use of libraries or frameworks that rely on eval-like functionality, which is restricted by CSP policies. The affected components are critical to our application, and the error prevents users from interacting with the form.

Request for Support
We seek guidance on:
Workarounds: Any suggested approaches to handle CSP restrictions without enabling unsafe-eval.
Library Updates: Is there a roadmap to eliminate the reliance on eval in the library?

Originally posted by @expertprincekumar in #5961 (comment)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@expertprincekumar