I'm trying to use the Facebook JavaScript SDK in my web application that I protected with CSP. I added "connect.facebook.net" in my "script-src" CSP list and the SDK is loading.
But it looks like the SDK is trying to evaluate a string as JavaScript.
How can I use the Facebook SDK without having to add "'unsafe-eval'" in my CSP? Is there a CSP-friendly version of this SDK?
Thanks :)
Unfortunately, you can't use the Facebook SDK without 'unsafe-eval', because the Facebook SDK requires it.
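Added example, not part of the original question or answer: a small JavaScript check that resolves which CSP directive governs `eval()` and script loading for a given policy, so you can see why allowing "connect.facebook.net" in "script-src" lets the SDK load but still blocks string evaluation. The function names and the policy strings you pass in are assumptions made for illustration, and host matching is simplified as noted in the comments.

```javascript
// Added example. The policy strings passed in are constructed samples.

// Parse a CSP header value into Map(directive -> [source expressions]).
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Return the first directive from `chain` that the policy defines, or null.
function resolve(directives, chain) {
  const name = chain.find((d) => directives.has(d));
  return name ? { name, sources: directives.get(name) } : null;
}

// Simplified host-source match: scheme, port and path parts are ignored,
// and scheme-only sources (https:) and 'strict-dynamic' are not modelled.
function matchesHost(source, host) {
  if (source.startsWith("'")) return false; // keyword, nonce or hash
  const h = source.replace(/^[a-z][a-z0-9+.-]*:\/\//i, '')
    .split('/')[0].split(':')[0].toLowerCase();
  if (h === '*') return true;
  return h.startsWith('*.') ? host.endsWith(h.slice(1)) : h === host;
}

function auditScriptPolicy(policy, host) {
  const d = parseCsp(policy);
  // eval() is governed by script-src, falling back to default-src.
  const evalDir = resolve(d, ['script-src', 'default-src']);
  // <script src> loads consult script-src-elem first.
  const loadDir = resolve(d, ['script-src-elem', 'script-src', 'default-src']);
  return {
    evalDirective: evalDir ? evalDir.name : null,
    // 'wasm-unsafe-eval' does not enable eval(); only 'unsafe-eval' does.
    evalAllowed: !evalDir ||
      evalDir.sources.some((s) => s.toLowerCase() === "'unsafe-eval'"),
    hostAllowed: !loadDir || loadDir.sources.some((s) => matchesHost(s, host)),
  };
}
```

Running `auditScriptPolicy` against the policy from the question reports `hostAllowed: true` and `evalAllowed: false`, which matches the behaviour described: the SDK loads, and its string evaluation is refused.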