Block blocked by CSP – unsafe-eval

  • Resolved BE API

    (@beapi)


    1 month, 2 weeks ago

    Hello,

    When I use a block PDF Embedder, it’s blocked due to CSP. Allowing unsafe-eval is CSP rules is a bad practice. Can you fix it?

    The error:

    Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive.

    Thanks.

    Best,
    Ga?l C.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Slava Abakumov

    (@slaffik)

    Hello there,

    Could you please provide a bit more details about the placement of that unsafe-eval? I can’t find anything related to that.

    If there is a security issue, we would appreciate a responsible disclosure via our contact form on a site: https://wp-pdf.com/contact/basic/

    Thank you.

    Plugin Author Slava Abakumov

    (@slaffik)

    Hi?@beapi,

    We haven’t heard back from you yet, so I’ll be closing this thread for now.

    If you still run into any issues, please feel free to reply, and we’ll take a look. 

    Have a good one ??

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.