switch from unsafe-eval to wasm-unsafe-eval

Per https://caniuse.com/?search=wasm-unsafe-eval this functionality is now available in all major browsers, so it seems reasonable to switch over to it off of the broader CSP allowance. Closes #60
kujenga · Oct 2, 2023 · 3d22aaa · 3d22aaa
1 parent b448623
commit 3d22aaa
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/app/site/content-security-policy.txt b/app/site/content-security-policy.txt
@@ -1,5 +1,5 @@
 default-src 'self';
-script-src 'self' 'unsafe-eval' 'unsafe-inline' https://code.jquery.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com https://f.ataylor.io https://polyfill.io https://cdn.jsdelivr.net https://giscus.app;
+script-src 'self' 'wasm-unsafe-eval' 'unsafe-inline' https://code.jquery.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com https://f.ataylor.io https://polyfill.io https://cdn.jsdelivr.net https://giscus.app;
 style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://fonts.bunny.net;
 img-src 'self' data: https://f.ataylor.io;
 font-src data: https://stackpath.bootstrapcdn.com https://fonts.bunny.net https://cdn.jsdelivr.net;