Discuss and resolve questions on Liquid, JavaScript, themes, sales channels, and site speed enhancements.
Hello has anyone ever seen this error in Google Console Inspect? If so, how did you resolve it? Thanks
The Content Security Policy (CSP) prevents the evaluation of arbitrary strings as JavaScript to make it more difficult for an attacker to inject unathorized code on your site.
To solve this issue, avoid using eval(), new Function(), setTimeout([string], ...) and setInterval([string], ...) for evaluating strings.If you absolutely must: you can enable string evaluation by adding unsafe-eval as an allowed source in a script-src directive.⚠️ Allowing string evaluation comes at the risk of inline script injection.
Hi,
Hope this will help
Safest solution is to refactor code to avoid using methods like:
eval()
new Function()
setTimeout("code as string", ...)
setInterval("code as string", ...)
Thank you. I had my store optimized for speed and I have a concern that the scores that I'm seeing in Google Page Speed are fake. Is it possible that this code was used to trick Google?
Starting a B2B store is a big undertaking that requires careful planning and execution. W...
By JasonH Sep 23, 2024By investing 30 minutes of your time, you can unlock the potential for increased sales,...
By Jacqui Sep 11, 2024We appreciate the diverse ways you participate in and engage with the Shopify Communi...
By JasonH Sep 9, 2024