
    Content Security Policy - unsafe eval

    Hi,
    We have a requirement where we want to remove "unsafe-eval" from the CSP header for security concerns. On removing unsafe-eval from the "script-src" directive in the CSP header, Isomorphic code breaks in ISC_Core.js because we are using new Function() in that file. Do we have support in Isomorphic to achieve the same?

    #2
    This is not a supported setting, as it would cripple the software and make many key features impossible.

    It is also a useless setting, as there are many other ways of doing an unsafe eval() without calling the eval function per se.

    If you believe the framework contains any unsafe evals, please submit a test case showing how they can be exploited.
