Remote connection fails with CSP violation

[Gudahtt]

When attempting to connect to a local server, I see the following error:

Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

It looks like this feature executes a string as JavaScript, which is disallowed by the current CSP.

[Gudahtt]

Probably related to https://github.com/reduxjs/redux-devtools/issues/1755

[s-ratashnyuk]

This bug is definitely related to the migration to the v3 manifest.

The extension uses one lib to do a Form validation (https://github.com/reduxjs/redux-devtools/blob/main/packages/redux-devtools-ui/src/Form/Form.tsx#L3) and this lib uses for whatever reason, the "eval".

[s-ratashnyuk]

My own dirty solution was to disable (remove or mock) this validator and after that, all started to work. I'm sure this could be managed in a proper way... I could make a PR if someone showed me this way :-)

[scremona-navico]

@s-ratashnyuk did you solve it somehow with a PR? I have the same problem as a Chrome extension. How could I fix it in this case? Cheers

[ashwth]

@s-ratashnyuk could you please share the fix. I'm having same issue