I get this error when reloading my Chrome Extension after compiling using Webpack:
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' blob: filesystem: chrome-extension-resource:". at new Function (<anonymous>) at evalExpression (compiler.js:33919) at jitStatements (compiler.js:33937) at JitCompiler.webpackJsonp.../../../compiler/esm5/compiler.js.JitCompiler._interpretOrJit (compiler.js:34520) at JitCompiler.webpackJsonp.../../../compiler/esm5/compiler.js.JitCompiler._compileTemplate (compiler.js:34448) at compiler.js:34347 at Set.forEach (<anonymous>) at JitCompiler.webpackJsonp.../../../compiler/esm5/compiler.js.JitCompiler._compileComponents (compiler.js:34347) at compiler.js:34217 at Object.then (compiler.js:474)
My CSP grants the unsafe-eval
permission.
"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'"
How can I permit the use of eval()
in my code (because Webpack uses this to generate source maps)?
Took me a few hours but what you probably want to do is change the style of source mapping webpack uses. By default it uses eval.
https://webpack.js.org/configuration/devtool/
I added this to my webpack.config.js: devtool: 'cheap-module-source-map'
The trick to this was figuring out why webpack --mode development
has the error and webpack --mode production
didn't.
Also I'm using React not Polymer but I'm pretty sure this still applies.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With