Topic: mdb.js violates csp unsafe-eval
Expected behavior I should be able to include mdb.js from mdb pro without having to set a content-security-policy of script-src 'self' 'unsafe-eval'
Actual behavior I get CSP violations there are two eval statements in mdb.js
Resources (screenshots, code snippets etc.) From inspector:
Content Security Policy: The page’s settings observed the loading of a resource at eval (“script-src”). A CSP report is being sent. mdb.js:17280:21
Content Security Policy: The page’s settings observed the loading of a resource at eval (“script-src”). A CSP report is being sent. mdb.js:17777:21
FREE CONSULTATION
Hire our experts to build a dedicated project. We'll analyze your business requirements, for free.
Opened
- ForumUser: Free
- Premium support: No
- Technology: MDB jQuery
- MDB Version: 4.10.0
- Device: PC
- Browser: Firefox 70.0.1
- OS: Ubuntu 18.04
- Provided sample code: Yes
- Provided link: No
Logan Marshall priority commented 4 years ago
Completely agree.
I also posted this over on the github for MD bootstrap. Still haven’t had a response. This CSP issue is preventing an A+ security headers rating.
As many paying Pro customers here, it would be great to get a response here from MD bootstrap.
Grzegorz Bujański staff commented 4 years ago
Hi. We keep in mind that this error still occurs. We are currently planning a reflector for several components. We will check if errors are related to them and try to fix this. Best, Grzegorz.
Rushman1 free commented 4 years ago
Are there any work arounds for this issue? I am trying to use it and I keep geting errors that are stopping me.
Grzegorz Bujański staff commented 4 years ago
Hi. Can you say something more? What are you trying to use and what is stopping you?