Content Security Policy of your site blocks the use of 'eval' in JavaScript` Error

ttander32 · September 13, 2024, 1:20am

Hello has anyone ever seen this error in Google Console Inspect? If so, how did you resolve it? Thanks

The Content Security Policy (CSP) prevents the evaluation of arbitrary strings as JavaScript to make it more difficult for an attacker to inject unathorized code on your site.

To solve this issue, avoid using eval(), new Function(), setTimeout([string], …) and setInterval([string], …) for evaluating strings.If you absolutely must: you can enable string evaluation by adding unsafe-eval as an allowed source in a script-src directive. Allowing string evaluation comes at the risk of inline script injection.

Small_Task_Help · September 13, 2024, 10:44am

Hi,

Hope this will help

Safest solution is to refactor code to avoid using methods like:

eval()
new Function()
setTimeout(“code as string”, …)
setInterval(“code as string”, …)

ttander32 · September 14, 2024, 7:32pm

Thank you. I had my store optimized for speed and I have a concern that the scores that I’m seeing in Google Page Speed are fake. Is it possible that this code was used to trick Google?

Topic		Replies	Views
How to fix a Javascript error detected by SEO King? Technical Q&A javascript , third-party-theme	0	18	September 13, 2023
Checkout page js error Refuse to load the script Content Security Policy Issue Shopify Discussion	16	169	November 17, 2022
Blockiert von der Inhaltsicherheitsrichtlinie Technische Fragen & Antworten	16	39	April 20, 2020
How can I fix a Content Security Policy blocking Javascript on my website? Technical Q&A	0	35	February 15, 2023
Content Security Procedure directive errors/notices in browser console Shopify Discussion troubleshooting	0	17	May 23, 2022

Content Security Policy of your site blocks the use of 'eval' in JavaScript` Error

Related topics