Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to skip invariant in webpack? #23

Closed
eternalmatt opened this issue Sep 28, 2020 · 2 comments · Fixed by #53
Closed

How to skip invariant in webpack? #23

eternalmatt opened this issue Sep 28, 2020 · 2 comments · Fixed by #53
Assignees
@benjamn

Comments

@eternalmatt
Copy link

eternalmatt commented Sep 28, 2020
edited
Loading

Hello, I found this module attempting to violate my Content Security Policy after tracking it down in my webpack bundle line 1, column 554,074 as it were. After finding that actual column, then grepping my node_modules for Function('stub', I am greeted with the lovely code comment here: https://github.com/apollographql/invariant-packages/blob/master/packages/ts-invariant/src/invariant.ts#L54-L57

As I would very much like to not include "unsafe-eval" and also not post back csp-violations to my server, how can I disable this functionality in my production webpack build?

I build with Angular CLI --prod so the minified code looks like this:

var c={env:{}};if("object"==typeof process)c=process;else try{Function("stub","process = stub")(c)}catch(l){}}
@eternalmatt eternalmatt changed the title How to skip invarient in webpack? How to skip invariant in webpack? Sep 28, 2020
benjamn added a commit that referenced this issue Dec 3, 2020
@benjamn
Better polyfill for globalThis.
c3e8556 
Horrifying, sure, but much better than using Function:
https://mathiasbynens.be/notes/globalthis

Fixes #23.
@benjamn benjamn self-assigned this Dec 3, 2020
@benjamn benjamn mentioned this issue Dec 3, 2020
Merged
benjamn added a commit that referenced this issue Dec 4, 2020
@benjamn
Better polyfill for globalThis. (#53)
717dda6 
"Horrifying," sure, but so much better than using Function, in terms
of how many folks will complain it violates their Content Security Policy:
https://mathiasbynens.be/notes/globalthis

Fixes #23.
@benjamn
Copy link
Member

benjamn commented Dec 4, 2020

@eternalmatt Starting in ts-invariant@0.6.0, the Function constructor is no longer used (even as a fallback) to obtain a reference to the global object. I will update @apollo/client to use version 0.6.0 of this package today/soon.

@eternalmatt
Copy link
Author

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@benjamn benjamn

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Better polyfill for globalThis. apollographql/invariant-packages
2 participants
@benjamn @eternalmatt