Content Security Policy of your site blocks the use of 'eval' in JavaScript` Error

Content Security Policy of your site blocks the use of 'eval' in JavaScript` Error

ttander32
Excursionist
30 0 3

Hello has anyone ever seen this error in Google Console Inspect? If so, how did you resolve it? Thanks

 

The Content Security Policy (CSP) prevents the evaluation of arbitrary strings as JavaScript to make it more difficult for an attacker to inject unathorized code on your site.

 

To solve this issue, avoid using eval(), new Function(), setTimeout([string], ...) and setInterval([string], ...) for evaluating strings.If you absolutely must: you can enable string evaluation by adding unsafe-eval as an allowed source in a script-src directive.⚠️ Allowing string evaluation comes at the risk of inline script injection.

Replies 2 (2)

Small_Task_Help
Shopify Partner
813 26 71

Hi,

 

Hope this will help

 

Safest solution is to refactor code to avoid using methods like:

eval()
new Function()
setTimeout("code as string", ...)
setInterval("code as string", ...)

To Get Shopify Experts Help, E-mail - hi@ecommercesmalltask.com
About Us - We are Shopify Expert Agency
At Google My Business - Ecommerce Small Task - Hire Shopify Developers Ahmedabad
ttander32
Excursionist
30 0 3

Thank you. I had my store optimized for speed and I have a concern that the scores that I'm seeing in Google Page Speed are fake. Is it possible that this code was used to trick Google?