fix need for unsafe-eval in CSP header

This commit is contained in:
Bruno Windels 2021-02-04 11:31:07 +01:00
parent 034426ed45
commit 5aa2858f4b

View file

@ -69,6 +69,10 @@ async function buildHtml(assets) {
const doc = cheerio.load(devHtml); const doc = cheerio.load(devHtml);
doc("link[rel=stylesheet]").attr("href", assets.resolve(`bundle.css`)); doc("link[rel=stylesheet]").attr("href", assets.resolve(`bundle.css`));
const mainScripts = [ const mainScripts = [
// this is needed to avoid hitting https://github.com/facebook/regenerator/issues/378
// which prevents the whole bundle to load, as our CSP headers don't allow unsafe-eval
// and I preferred this over disabling strict mode for the whole bundle
`<script type="text/javascript">window.regeneratorRuntime = undefined;</script>`,
`<script type="text/javascript" src="${assets.resolve(`bundle.js`)}"></script>`, `<script type="text/javascript" src="${assets.resolve(`bundle.js`)}"></script>`,
`<script type="text/javascript">bundle.main(document.body);</script>` `<script type="text/javascript">bundle.main(document.body);</script>`
]; ];