What is the best practice to make your React app work when Content Security Policy header is set?
If I set header Content-Security-Policy: script-src 'self';
I get an EvalError because ‘unsafe-eval’ is not allowed. And as I’ve read, enabling ‘unsafe-eval’ and ‘unsafe-inline’ is a very bad practice which should be avoided. So what are my options here? Are using hash or nonce my only options?
1 Like
Did you manage to find a solution to this? I’m searching for the same thing!
Did you find any solutions for this? I have been researching how to apply a safe CSP. And references would be appreciated.