grav-plugin-flex-objects Security: flex-objects.js blocked because 'unsafe-eval'

Security: flex-objects.js blocked because 'unsafe-eval'

Open sebastianbaumann opened this issue 3 years ago • 3 comments

Hey guys,

we are running into an issue lately. We are developing a Grav website right now, which is more secured than any standard page. Due to our security policy we're getting following error, which prevents loading the pages panel in admin.

Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the flex-objects.js:522

Bildschirmfoto 2021-08-17 um 14 43 56

Bildschirmfoto 2021-08-17 um 14 42 14

Any workaround/solution for this? Thanks!

Aug 17 '21 12:08 sebastianbaumann

@w00fz Can you please check out why there's an eval in js?

Aug 18 '21 18:08 mahagr

That's how it gets minified by the UglifyJsPlugin in webpack when transpiling for production. I have to explore if there's other methods to get it minified without eval.

If you want to take a look and propose a PR that would be appreciated!

https://github.com/trilbymedia/grav-plugin-flex-objects/blob/develop/package.json#L9 https://github.com/trilbymedia/grav-plugin-flex-objects/blob/develop/webpack.conf.js#L21

Aug 18 '21 18:08 w00fz

Hello, I am also interested in this and would be pleased to receive a solution. Many thanks and best regards

Mar 02 '24 21:03 bastian42

grav-plugin-flex-objects grav-plugin-flex-objects copied to clipboard

Security: flex-objects.js blocked because 'unsafe-eval'

grav-plugin-flex-objects
grav-plugin-flex-objects copied to clipboard