meteor-preloader icon indicating copy to clipboard operation
meteor-preloader copied to clipboard

Published 20 hours ago verified publisher icon MiroHibler

Conflict with Meteor default browser-policy

Open dbismut opened this issue 9 years ago • 1 comments

The default policy of the browser-policy package disallows eval(), therefore async or sync options generate the following error:

"Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'"

In order to preload a script with meteor-preloader, if you use browser-policy, then you need to add BrowserPolicy.content.allowEval() to your server code.

dbismut avatar Jul 18 '15 17:07 dbismut

Thanks! I may add it as an option.

MiroHibler avatar Oct 20 '15 15:10 MiroHibler