EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' https: data:"
ravitejapagala opened this issue · 2 comments
I have configured the JupyterHub Dockerspawner running in container.
I am able to run the JUPYTERHUB container without any issues and able to spawn the jupyter notebook container as well.
Here the problem is having with the content-security-policy.
"EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' https: data:""
Here I am attaching the console section in (DevTools) screenshot of jupyter notebook which is spawned up from the JupyterHub.
I tried with following configuration in jupyterhub_config.py:
c.JupyterHub.tornado_settings = {
'headers': {
'Content-Security-Policy': "default-src 'self' * 'unsafe-inline' https: data: 'unsafe-eval';"
}
}
Even though if I add this configuration I am still facing the same issue.
Can anyone suggest how to configure in Jupyterhub_config.py and jupyter_notebook_config.py to allow CSP headers?
Thank you for opening your first issue in this project! Engagement like this is essential for open source projects! 🤗
If you haven't done so already, check out Jupyter's Code of Conduct. Also, please try to follow the issue template as it helps other other community members to contribute more effectively.
You can meet the other Jovyans by joining our Discourse forum. There is also an intro thread there where you can stop by and say Hi! 👋
Welcome to the Jupyter community! 🎉