Fix unsafe-eval CSP violation - closes #336 (#346)

facebook · Aug 3, 2018 · 4efc689 · 4efc689
1 parent 7834cec
commit 4efc689
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/packages/regenerator-runtime/runtime-module.js b/packages/regenerator-runtime/runtime-module.js
@@ -7,7 +7,9 @@
 
 // This method of obtaining a reference to the global object needs to be
 // kept identical to the way it is obtained in runtime.js
-var g = (function() { return this })() || Function("return this")();
+var g = (function() {
+  return this || (typeof self === "object" && self);
+})() || Function("return this")();
 
 // Use `getOwnPropertyNames` because not all browsers support calling
 // `hasOwnProperty` on the global `self` object in a worker. See #183.

diff --git a/packages/regenerator-runtime/runtime.js b/packages/regenerator-runtime/runtime.js
@@ -715,5 +715,7 @@
   // In sloppy mode, unbound `this` refers to the global object, fallback to
   // Function constructor if we're in global strict mode. That is sadly a form
   // of indirect eval which violates Content Security Policy.
-  (function() { return this })() || Function("return this")()
+  (function() {
+    return this || (typeof self === "object" && self);
+  })() || Function("return this")()
 );