Fix unsafe-eval CSP violation - closes #336 #346
I think there's something slightly wrong with the Travis CI setup for this project. I just rebased on master in hope of getting the all clear, but all NPM versions failed in the same fashion, running I can recreate, and remedy, this locally from a fresh clone. Specifically, the issue seems to be that we need to install the Nonetheless, I'd appreciate it if this PR could be reviewed & merged 😄
At my office, we have been waiting for this PR to be merged for over a month. I’m thinking we have to fork the project soon to have this CSP issue fixed, which seems like a shame..
I think we should use the same approach as core-js for this -- https://github.com/zloirock/core-js/blob/580eef389f9be01a00ce32f550fea6cc6296df28/packages/core-js/internals/global.js#L1-L5
May help address the problems noted by @Benjamin-Dobell here: #346 (comment)
If this works, then it removes the need for hacks to discover the global object, which continue to be problematic (e.g. #336, #346). Importantly, the regenerator-runtime/runtime.js module can still be evaluated as a non-CJS script, and it will not pollute the global scope except for defining regeneratorRuntime.
These changes have been published as
If this works, then it removes the need for hacks to discover the global object, which continues to be problematic (e.g. #336, #346). Importantly, the regenerator-runtime/runtime.js module can still be evaluated as a non-CJS script, and it will not pollute the global scope except for defining regeneratorRuntime.
Refer to #336 for details.
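
An added example, not code from this PR, regenerator or core-js: it uses Node's `vm` module with `codeGeneration: { strings: false }` to approximate a page whose CSP lacks `unsafe-eval`, and compares a global-object lookup that compiles a string with one that only does feature detection. The two lookup snippets and the `runUnderNoEval` helper are constructed for illustration.

```javascript
const vm = require("vm");

// Constructed snippet: global lookup that compiles code from a string.
const EVAL_LOOKUP = 'Function("return this")()';

// Constructed snippet: global lookup by feature detection, no string compilation.
const SAFE_LOOKUP = `(function () {
  var check = function (it) { return it && it.Math === Math && it; };
  return check(typeof globalThis === "object" && globalThis) ||
         check(typeof self === "object" && self) ||
         check(typeof global === "object" && global);
})()`;

// Run `source` in a fresh context where eval() and Function() on strings are
// refused, which is how a browser treats a page whose CSP lacks 'unsafe-eval'.
function runUnderNoEval(source) {
  const context = vm.createContext({}, {
    codeGeneration: { strings: false, wasm: false },
  });
  try {
    const found = vm.runInContext(`(${source}) === globalThis`, context);
    return { ok: true, foundGlobal: found };
  } catch (err) {
    // The error comes from another realm, so compare by name, not instanceof.
    return { ok: false, error: err.name };
  }
}

console.log("eval-based:", runUnderNoEval(EVAL_LOOKUP));
console.log("eval-free: ", runUnderNoEval(SAFE_LOOKUP));
```

The same helper can be pointed at any library snippet to check, before deployment, whether it would break under a CSP that omits `unsafe-eval`.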