CSP is blocking eval script

  • wairshad

    (@wairshad)


    7 months, 3 weeks ago

    Dear Support,

    After installing the plugin, I noticed it is working good on my clients site, however, I noticed the following CSP message in the console. Any idea if this can be fixed? I am using it on WooCommerce + Litespeed WebServer.

    Content Security Policy of your site blocks the use of 'eval' in JavaScript`
    The Content Security Policy (CSP) prevents the evaluation of arbitrary strings as JavaScript to make it more difficult for an attacker to inject unathorized code on your site.

    To solve this issue, avoid using eval(), new Function(), setTimeout([string], ...) and setInterval([string], ...) for evaluating strings.

    If you absolutely must: you can enable string evaluation by adding unsafe-eval as an allowed source in a script-src directive.

    ⚠️ Allowing string evaluation comes at the risk of inline script injection.

    1 directive
    Source location	Directive	Status
    v1?ray=98b899a5cc508393&lang=auto:1	script-src	blocked

    Thanks.

The topic ‘CSP is blocking eval script’ is closed to new replies.

Tags