Title: Content Security Policy and script-src
Last modified: April 8, 2024

---

# Content Security Policy and script-src

 *  [L Perderiset](https://wordpress.org/support/users/laurenay/)
 * (@laurenay)
 * [2 years, 2 months ago](https://wordpress.org/support/topic/content-security-policy-and-script-src/)
 * Hi,
 * I’m attempting to implement a Content Security Policy (CSP), but it appears that
   your plugin uses `jquery.fancybox.min.js` with an `eval` function, resulting 
   in an error on my pages:
 * EvalError: Refused to evaluate a string as JavaScript because ‘unsafe-eval’ is
   not an allowed source of script in the following Content Security Policy directive:“
   script-src ‘self'”
 * Could you please advise on how to address this issue?

The topic ‘Content Security Policy and script-src’ is closed to new replies.

 * ![](https://ps.w.org/ari-fancy-lightbox/assets/icon-256x256.png?rev=1580843)
 * [ARI Fancy Lightbox - Popup for WordPress](https://wordpress.org/plugins/ari-fancy-lightbox/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/ari-fancy-lightbox/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/ari-fancy-lightbox/)
 * [Active Topics](https://wordpress.org/support/plugin/ari-fancy-lightbox/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/ari-fancy-lightbox/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/ari-fancy-lightbox/reviews/)

 * 0 replies
 * 1 participant
 * Last reply from: [L Perderiset](https://wordpress.org/support/users/laurenay/)
 * Last activity: [2 years, 2 months ago](https://wordpress.org/support/topic/content-security-policy-and-script-src/)
 * Status: not resolved