fix: Remove use of eval to satisfy CSP

Contributes to: #346 Signed-off-by: Dale Lane <[email protected]>
IBM · Dec 11, 2020 · 0664c32 · 0664c32
1 parent 397664f
commit 0664c32
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 2 deletions.
diff --git a/public/index.html b/public/index.html
@@ -45,7 +45,7 @@
         <meta property="og:video" content="https://machinelearningforkids.co.uk/static/images/machinelearningforkids.gif" />
 
     </head>
-    <body>
+    <body ng-csp="no-unsafe-eval">
         <div ng-app="app">
             <nav class="navbar navbar-default">
                 <div class="container-fluid">

diff --git a/src/lib/restapi/config.ts b/src/lib/restapi/config.ts
@@ -56,7 +56,6 @@ export const CSP_DIRECTIVES = {
     ],
     scriptSrc: ["'self'",
         // TODO : https://github.com/IBM/taxinomitis/issues/346 should investigate these
-        "'unsafe-eval'",
         "'unsafe-inline'",
         // used for auth
         'http://cdn.auth0.com',