[whatwg/fetch] EvalError refused to evaluate because CSP is defined to script-src set to 'self' 'unsafe-inline' (#861) from lopesdasilva on 2019-01-22 (public-webapps-github@w3.org from January 2019)

From: lopesdasilva <notifications@github.com>
Date: Tue, 22 Jan 2019 01:52:19 -0800
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/861@github.com>

Hi, 

I need a clarification on this:

I'm using whatwg-fetch polyfill on a server with 'strict' CSP's 
`
default-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline' ; connect-src 'self' ; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self'`

Currently i'm getting an error loading the script (although it's a browser with fetch support)
`EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' `

![screenshot 2019-01-22 at 09 48 16](https://user-images.githubusercontent.com/1013126/51526941-5c270980-1e2b-11e9-94dc-424c9d60a4ee.png)


Thanks, 
Rui




-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/861

Received on Tuesday, 22 January 2019 09:52:40 UTC