
Triggers CSP violations if unsafe-eval is not used

Open sorin-davidoi opened this issue 5 years ago • 5 comments

Using the script-src directive without 'unsafe-eval' results in a violation:

Content Security Policy: The page's settings blocked the loading of a resource at eval ("script-src").

This is caused by the following line in http://static.filestackapi.com/filestack-js/3.17.0/filestack.min.js:

try{i=i||new Function("return this")()}catch(t)

While this doesn't seem to affect the functionality of the library, if one uses the report-uri directive it will result in useless HTTP requests being made.

sorin-davidoi avatar Sep 28 '20 09:09 sorin-davidoi
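An added example, not part of the thread and not filestack-js code: Node's `vm` module can create a context with code generation from strings disabled, which behaves like a page whose `script-src` lacks `'unsafe-eval'` (without the browser's violation report). It runs the line quoted in the issue next to a lookup that never calls the `Function` constructor; the wrapper functions, the `runUnderPolicy` helper and the assumption that `i` starts out undefined are constructed for this demonstration.

```javascript
const vm = require('node:vm');

// The statement quoted in the issue, wrapped so its outcome can be observed.
// Assumption: `i` is still undefined when the line runs, so the
// Function constructor is actually reached.
const LIBRARY_PATTERN = `
  (function () {
    var i, blocked = null;
    try { i = i || new Function("return this")(); } catch (t) { blocked = t.name; }
    return { resolved: typeof i !== "undefined", blocked: blocked };
  })()
`;

// Global-object lookup that never compiles a string, so it stays within
// a script-src policy that omits 'unsafe-eval'.
const CSP_SAFE_PATTERN = `
  (function () {
    var g = typeof globalThis !== "undefined" ? globalThis
          : typeof self !== "undefined" ? self
          : typeof window !== "undefined" ? window
          : typeof global !== "undefined" ? global
          : undefined;
    return { resolved: typeof g !== "undefined", blocked: null };
  })()
`;

// Run `source` in a fresh context. allowStringEval=false is the analogue of
// a policy without 'unsafe-eval': eval() and new Function() throw EvalError.
function runUnderPolicy(source, allowStringEval) {
  const context = vm.createContext({}, {
    codeGeneration: { strings: allowStringEval, wasm: false },
  });
  const result = vm.runInContext(source, context);
  // Copy into a plain object from this realm before returning.
  return { resolved: result.resolved, blocked: result.blocked };
}

console.log('library line, eval allowed :', runUnderPolicy(LIBRARY_PATTERN, true));
console.log('library line, eval blocked :', runUnderPolicy(LIBRARY_PATTERN, false));
console.log('safe lookup,  eval blocked :', runUnderPolicy(CSP_SAFE_PATTERN, false));
```

In a browser the blocked case is also the one that generates the `script-src` violation report, even though the `catch` swallows the exception.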

This is affecting us in production too. Is there any way to disable this unsafe-eval call?

Cherry avatar Jul 20 '21 15:07 Cherry

Hello, same here!

kYann avatar Jan 13 '22 17:01 kYann