Hi there @jdev 👋
Thanks for reaching out to Woo Support!
We dont want to put unsafe-eval on our csp and this one is causing EvalError on this file ‘/client/blocks/wc-blocks-data.js’
Could you elaborate further on the issue at hand, please, as the full picture is not currently clear, I’m afraid?
Once I hear back from you, I will be happy to investigate this further.
Thank you.
Thread Starter
jdev
(@jdev)
Hi Pepe, thanks for getting back to me.
I hope this link helps: iMwE8Gq.png (1854×380) (imgur.com)
We are securing the website with CSP directives and we’re not allowed to use unsafe-eval. So… Just wondering any work around on this or we can just ignore this one being blocked?
Hi @jdev,
The error you’re seeing is likely due to the Content Security Policy (CSP) blocking the execution of JavaScript in “/client/blocks/wc-blocks-data.js”. CSP is designed to prevent certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks.
In terms of a workaround, you may consider modifying your CSP to include a ‘nonce’ (number used once) to allow specific inline scripts. However, this might not be ideal as it requires changing the nonce value for every page load.
Alternatively, you could consider opening an issue on our GitHub repo. This way, our developer will know it and can offer a solution.
I hope this provides some clarity. Please let us know if you have any other questions!
