Title: Error when using CSP directive “script-src ‘unsafe-eval’ “ Last modified: October 16, 2025 --- # Error when using CSP directive “script-src ‘unsafe-eval’ “ * Resolved [Matze Pabst](https://wordpress.org/support/users/matthiaspabst/) * (@matthiaspabst) * [7 months, 4 weeks ago](https://wordpress.org/support/topic/error-when-using-csp-directive-script-src-unsafe-eval/) * I’m trying to setup a Content Security Policy (CSP) as recommended by many security tools. Unfortunately, my forms don’t work if I don’t allow `script-src 'unsafe- eval'` in my policy. There’s at least one script in your plugin, that uses eval(): * /wp-content/plugins/calculated-fields-form/js/cache/all.js?ver=5.4.0.5 – Line: 10066 * Is there a chance, to rewrite this function to make it safer? eval() shouldn’t be used. [https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval) Viewing 4 replies - 16 through 19 (of 19 total) [←](https://wordpress.org/support/topic/error-when-using-csp-directive-script-src-unsafe-eval/?output_format=md) [1](https://wordpress.org/support/topic/error-when-using-csp-directive-script-src-unsafe-eval/?output_format=md) 2 * Plugin Author [CodePeople2](https://wordpress.org/support/users/codepeople2/) * (@codepeople2) * [1 month, 2 weeks ago](https://wordpress.org/support/topic/error-when-using-csp-directive-script-src-unsafe-eval/page/2/#post-18891717) * Hello [@matthiaspabst](https://wordpress.org/support/users/matthiaspabst/) * Could you please contact us directly through the plugin website so we can review your case in detail? * [https://cff.dwbooster.com/contact-us](https://cff.dwbooster.com/contact-us) * Best regards. * Plugin Author [CodePeople2](https://wordpress.org/support/users/codepeople2/) * (@codepeople2) * [1 month, 2 weeks ago](https://wordpress.org/support/topic/error-when-using-csp-directive-script-src-unsafe-eval/page/2/#post-18892570) * Hello [@matthiaspabst](https://wordpress.org/support/users/matthiaspabst/) * We just released a plugin update that should fix the reported issue. Could you please install it and let me know if the issue persists? Please remember to clear both website and browser caches after installing the plugin update. * Best regards. * Thread Starter [Matze Pabst](https://wordpress.org/support/users/matthiaspabst/) * (@matthiaspabst) * [1 month, 2 weeks ago](https://wordpress.org/support/topic/error-when-using-csp-directive-script-src-unsafe-eval/page/2/#post-18892891) * [@codepeople2](https://wordpress.org/support/users/codepeople2/) The CSP problem is fixed but now it’s not possible anymore, to use more that one form on a page or post. Error from the browser console: * `Uncaught SyntaxError: redeclaration of const cpcff_eval_blocked` * Plugin Author [CodePeople2](https://wordpress.org/support/users/codepeople2/) * (@codepeople2) * [1 month, 2 weeks ago](https://wordpress.org/support/topic/error-when-using-csp-directive-script-src-unsafe-eval/page/2/#post-18893039) * Hello [@matthiaspabst](https://wordpress.org/support/users/matthiaspabst/) * I’m sorry for the inconvenience. I’ve identified the issue and released a new plugin update to fix it. * Please note that the plugin detects your website headers based on their configuration. If it does not detect the CSP policies correctly, you can work around this by adding an **HTML Content** field as the first field in your form. Enable the option to support scripts in its settings, and then enter the following code into its content attribute: * ```wp-block-code ``` * Please install the plugin update and let me know if the issue persists. * Best regards. Viewing 4 replies - 16 through 19 (of 19 total) [←](https://wordpress.org/support/topic/error-when-using-csp-directive-script-src-unsafe-eval/?output_format=md) [1](https://wordpress.org/support/topic/error-when-using-csp-directive-script-src-unsafe-eval/?output_format=md) 2 You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Ferror-when-using-csp-directive-script-src-unsafe-eval%2Fpage%2F2%2F%3Foutput_format%3Dmd&locale=en_US) to reply to this topic. * ![](https://ps.w.org/calculated-fields-form/assets/icon-256x256.jpg?rev=1734377) * [Calculated Fields Form](https://wordpress.org/plugins/calculated-fields-form/) * [Frequently Asked Questions](https://wordpress.org/plugins/calculated-fields-form/#faq) * [Support Threads](https://wordpress.org/support/plugin/calculated-fields-form/) * [Active Topics](https://wordpress.org/support/plugin/calculated-fields-form/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/calculated-fields-form/unresolved/) * [Reviews](https://wordpress.org/support/plugin/calculated-fields-form/reviews/) * 19 replies * 2 participants * Last reply from: [CodePeople2](https://wordpress.org/support/users/codepeople2/) * Last activity: [1 month, 2 weeks ago](https://wordpress.org/support/topic/error-when-using-csp-directive-script-src-unsafe-eval/page/2/#post-18893039) * Status: resolved