Can't use it with helmet.js.

Question

Can't use it with helmet.js.

Closed this issue 5 months ago · 1 comments

Uncaught (in promise) EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' *.jsdelivr.net *.google.com *.googleapis.com *.unpkg.com *.gstatic.com *.googletagmanager.com *.gstatic.com *.jquery.com *.stripe.com 'nonce-T4L0hhBgQhfH42hznQgJeb=='".

    at Function (<anonymous>)
    at Object.<anonymous> (devtools-detector.js:1853:34)
    at devtools-detector.js:1833:29
    at Object.next (devtools-detector.js:1841:19)
    at devtools-detector.js:1749:43
    at new Promise (<anonymous>)
    at o (devtools-detector.js:1723:20)
    at Object.isOpen (devtools-detector.js:1848:20)
    at t.<anonymous> (devtools-detector.js:785:48)
    at devtools-detector.js:702:29

That's the error I get because I want to prevent eval() on my site, using helmet.js. But it seems like the script uses eval. Am I forced to disable my protection measures to use this script? Is there an alternative.

Answer 1 · 2024-07-12T07:06:38.000Z

Fixed, please install the latest version.