csp: add unsafe-eval directive to allow WASM in all browsers

While Firefox does allow for WASM compilation without such directives, Safari and Chrome do not, so unsafe-eval is the best we can do for now it seems in order to add universal support. Tracking various things [1] that will allow for the use of wasm-unsafe-eval instead. [1] #60
kujenga · Apr 24, 2022 · c94e2c0 · c94e2c0
1 parent 0cd1974
commit c94e2c0
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/app/site/content-security-policy.txt b/app/site/content-security-policy.txt
@@ -1,5 +1,5 @@
 default-src 'self';
-script-src 'self' 'unsafe-inline' https://code.jquery.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com https://f.ataylor.io https://polyfill.io https://cdn.jsdelivr.net https://giscus.app;
+script-src 'self' 'unsafe-eval' 'unsafe-inline' https://code.jquery.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com https://f.ataylor.io https://polyfill.io https://cdn.jsdelivr.net https://giscus.app;
 style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://fonts.googleapis.com;
 img-src 'self' data: https://f.ataylor.io;
 font-src data: https://stackpath.bootstrapcdn.com https://fonts.gstatic.com https://cdn.jsdelivr.net;