Using 'unset-eval' in Content Security Policy throws the error

Question

Using 'unset-eval' in Content Security Policy throws the error

Opened this issue 2 years ago · 0 comments

Hi,
I'm using the 2key-ratchet library for end-to-end encryption in my React.js app.
After installing CSP on the website, I started facing issues with data encryption.
When trying to encrypt data, I'm getting an error asking me to add the "unsafe-eval" property to the CSP.
The application's security policy does not allow me to add the "unsafe-eval" property to the CSP.
Could you please fix this on your side or let me know how I can fix it on my side?

import * as DKeyRatchetSource from '2key-ratchet';

const DKeyRatchet = overwrite(DKeyRatchetSource);

// overwrite the package 
function overwrite(dependency) {
  const HASH_NAME = "SHA-256";
  const HMAC_NAME = "HMAC";

  dependency.Secret.importHMAC = function (raw) {
    return dependency.getEngine().crypto.subtle
      .importKey("raw", raw, { name: HMAC_NAME, hash: { name: HASH_NAME } }, true, ["sign", "verify"]);
  };

  return dependency;
}

// convert the encrypted message to a buffer and create a protocol instance from it
export async function processMessage(message) {
  const messageRaw = convertBase64ToBuffer(message);

  let messageEncrypted = await DKeyRatchet.MessageSignedProtocol.importProto(messageRaw).catch(() => { });

  if (!messageEncrypted) {
    messageEncrypted = await DKeyRatchet.PreKeyMessageProtocol.importProto(messageRaw); // Error in this method
  }

  return messageEncrypted;
}