英文:
remove unsafe-eval from CSP header
问题
在我的 JavaScript 代码中,使用了非安全的 eval 方法,但现在客户要求移除非安全的 eval。但是在我的代码中,所有的 JavaScript 库都在使用 eval 方法,在移除非安全的 eval 后,代码无法正常工作。请问如何在不改变库代码的情况下移除非安全的 eval?
我目前使用的版本是 2.0.2,但出现了以下错误:
zone.min.js?_=1686053845269:1 抛出 EvalError: 拒绝评估字符串作为 JavaScript,因为 Content Security Policy 指令中未允许 'unsafe-eval' 作为脚本的来源。指令如下:"script-src 'self' 'nonce-/jHqQHDI76+2UJhy0y0afg=='"。
at new Function (<anonymous>)
at evalExpression (compiler.umd.min.js?_=1686053845269:6:1473)
at jitStatements (compiler.umd.min.js?_=1686053845269:21:30062)
at RuntimeCompiler._compileModule (compiler.umd.min.js?_=1686053845269:41:18413)
at RuntimeCompiler._compileModuleAndComponents (compiler.umd.min.js?_=1686053845269:41:16590)
at RuntimeCompiler.compileModuleAsync (compiler.umd.min.js?_=1686053845269:41:16063)
at PlatformRef_._bootstrapModuleWithZone (core.umd.min.js?_=1686053845269:35:26523)
at PlatformRef_.bootstrapModule (core.umd.min.js?_=1686053845269:35:25813)
at Object.initAngularComponents (consentRegistry.js?_=1686053845270:415:47)
at Object.init (consentRegistry.js?_=1686053845270:63:22)
英文:
I have very old javascript code and in that code they are using unsafe-eval but now client is saying we have to remove unsafe-eval but in my code in all the java script library is using eval method and code is not working after removing unsafe-eval,how i can remove unsafe-eval without changing the lib code.
so which version i can use that will not give me nonce error.
currently i am using 2.0.2
and getting below error.
zone.min.js?_=1686053845269:1 Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'nonce-/jHqQHDI76+2UJhy0y0afg=='".
at new Function (<anonymous>)
at evalExpression (compiler.umd.min.js?_=1686053845269:6:1473)
at jitStatements (compiler.umd.min.js?_=1686053845269:21:30062)
at RuntimeCompiler._compileModule (compiler.umd.min.js?_=1686053845269:41:18413)
at RuntimeCompiler._compileModuleAndComponents (compiler.umd.min.js?_=1686053845269:41:16590)
at RuntimeCompiler.compileModuleAsync (compiler.umd.min.js?_=1686053845269:41:16063)
at PlatformRef_._bootstrapModuleWithZone (core.umd.min.js?_=1686053845269:35:26523)
at PlatformRef_.bootstrapModule (core.umd.min.js?_=1686053845269:35:25813)
at Object.initAngularComponents (consentRegistry.js?_=1686053845270:415:47)
at Object.init (consentRegistry.js?_=1686053845270:63:22)
答案1
得分: 3
根据以下条件:
- 客户要求不允许使用
unsafe-eval - 您有一个库,除非允许
unsafe-eval,否则无法正常工作 - 您不能更改该库的源代码
满足这三个条件的唯一方法是停止使用该库,并重新编写依赖于它的任何代码。
英文:
Given:
- The client requires that you do not allow
unsafe-eval - You have a library which will not work unless you allow
unsafe-eval - You cannot change the source code of that library
The only approach to have working code which is compatible with all three conditions is to stop using the library and rewrite any code you have which depends on it.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论