Got an issue with Content Security Policy (CSP)

[keeratita]

Hi,

I've got an issue about CSP when the security team doesn't allow to use unsafe-eval.

Uncaught (in promise) EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive

Is it possible that the future release will kindly consider this one as well?
Thanks in advance 🙏🏻

[hoppergee]

I'll see what I can do about this.

[hoppergee]

Hi @keeratita

I just bump a new release 1.1.6. Please have a test with below code to see whether it's being fixed.

- import { heicTo } from "heic-to"
+ import { heicTo } from "csp/heic-to"

[keeratita]

hi @hoppergee Thanks a lot for your prompt response.
OMG that's fast! I will test it now 🙏🏻

[keeratita]

hi @hoppergee works! thanks a lot for your help 🙇🏻

[keeratita]

FYI, i have to import like this.

import { heicTo, isHeic } from 'heic-to/dist/csp/heic-to';

i can't use from 'csp/heic-to'; for some reason.

[keeratita]

hi @hoppergee

Sorry, one more question about the usage of this library. Could I use it as a part of a functionalities in the commercial application to preview a HEIC file on the browser?

[hoppergee]

libheif is on LGPL, the answer is yes I think.

[keeratita]

@hoppergee the best! thanks