Thabo
Reputation: 1465
NGXS compatibility option strictContentSecurityPolicy has no effect
The Compatibility option strictContentSecurityPolicy has no effect. I am getting the following error in the browser when accessing my app because of my servers content security policy.
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
NGXS: 3.8.1
@angular/core: 17.0.3
Configure the root module with these options.
NgxsModule.forRoot([], {
developmentMode: !environment.production,
selectorOptions: {
suppressErrors: false,
},
compatibility: {
strictContentSecurityPolicy: true,
},
}),
To execute the compliantPropGetter instead of fastPropGetter
export function propGetter(paths: string[], config: NgxsConfig) {
if (config?.compatibility?.strictContentSecurityPolicy) {
return compliantPropGetter(paths);
} else {
return fastPropGetter(paths);
}
}
Upvotes: 0
Views: 20
Answers (0)
Related Questions
- Property '...' has no initializer and is not definitely assigned in the constructor
- Error no angular: "Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'"
- Getting error after adding nonce instead of unsafe-inline'
- ExcelJS: "Uncaught EvalError: 'unsafe-eval' is not an allowed source of script in the following Content" in Angular App
- how to use angular 5 to build chrome extension
- chrome extension Content Security Policy1
- Can't save PDF file in the Angular app in production because of the Content Security Policy directive
- Angular 5 & CSP - Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script
- Angular7: How to eval an arithmetic string
- Using Angular 2 in Chrome packaged app