Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Enhancement] - Improve JavaScript to remove the need for 'unsafe-eval' in Content-Security-Policy directives. #929

Open
JohnnyQuest1983 opened this issue Jul 24, 2024 · 0 comments
Open

[Enhancement] - Improve JavaScript to remove the need for 'unsafe-eval' in Content-Security-Policy directives. #929

JohnnyQuest1983 opened this issue Jul 24, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@JohnnyQuest1983
Copy link

Description of the enhancement:
When embedding a Freshworks form onto a website that has a Content Security Policy in place, crayons requires the addition of 'unsafe-eval' to be included in the script-src. I've not delved into code to find the particular culprit, but it would be preferable for it to not require 'unsafe-eval'.

Content-Security-Policy: The page’s settings blocked a JavaScript eval (script-src) from being executed because it violates the following directive: "script-src...." (Missing 'unsafe-eval')
https://cdn.jsdelivr.net/npm/@freshworks/crayons@4.3.0-beta.11/dist/crayons/crayons.esm.js:1:777

Describe the solution you'd like
Refactor crayons' JavaScript to not require 'unsafe-eval' in a Content Security Policy's 'script-src' directive.
@JohnnyQuest1983 JohnnyQuest1983 added the enhancement New feature or request label Jul 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@JohnnyQuest1983