CSP unsafe-eval conflict #237
Description
The Content Security Policy (CSP) prevents the evaluation of arbitrary strings as JavaScript to make it more difficult for an attacker to inject unathorized code on your site.
To solve this issue, avoid using eval(), new Function(), setTimeout([string], ...) and setInterval([string], ...) for evaluating strings.
If you absolutely must: you can enable string evaluation by adding unsafe-eval as an allowed source in a script-src directive.
AFFECTED RESOURCES
1 directive
Source location | Directive | Status -- | -- | -- app.js?f6326a472a:16 | script-src | blocked