Skip to content
Advertisement

Refused to evaluate a string as JavaScript because ‘unsafe-eval’ is not an allowed source

I added the following to a web page:

JavaScript

When I run the application I get the following error:

JavaScript

When I remove the script I do not get the error anymore.

Any idea why this happens?

Advertisement

Answer

Your current CSP setting is:

JavaScript

which means that you can only execute your code from your root URL (localhost:5000).

You can try to extend this policy to the other URL you are using:

JavaScript

The CSP setting location depends on your web server. In case of Apache, this is set in file ‘.htaccess’.

P.S: ‘unsafe-eval’ doesn’t seem to be related to the listener you are adding, but you can try the above change anyway.

User contributions licensed under: CC BY-SA
7 People found this is helpful
Advertisement