• Resolved florianbeck

    (@florianbeck)


    Hi,

    Ninja Forms throws an EvalError while ‘unsafe-eval’ is disallowed by the Content Security Policy.

    Content-Security-Policy:
    Header set Content-Security-Policy: "default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; font-src 'self' data:; base-uri 'none'; frame-ancestors 'none'; form-action 'self'; block-all-mixed-content"

    The error occurs on all pages with Ninja Forms added.

    [Error] EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
    
    	(anonyme Funktion) (underscore.min.js:2:15006)
    	template (front-end.js:6198)
    	(anonyme Funktion) (front-end.js:6121)
    	_renderTemplate (front-end-deps.js:20:22932)
    	render (front-end-deps.js:20:22587)
    	render
    	initialize (front-end.js:5935)
    	(anonyme Funktion) (backbone.min.js:2:14146)
    	constructor (front-end-deps.js:20:17525)
    	constructor (front-end-deps.js:20:22133)
    	constructor (front-end-deps.js:21:1428)
    	(anonyme Funktion) (backbone.min.js:2:23456)
    	(anonyme Funktion) (front-end.js:6144)
    	(anonyme Funktion) (underscore.min.js:2:1687)
    	onStart (front-end.js:6143)
    	(anonyme Funktion) (front-end-deps.js:20:7923)
    	start (front-end-deps.js:21:7114)
    	(anonyme Funktion) (front-end.js:6220)
    	main (front-end.js:315)
    	(anonyme Funktion) (front-end.js:389)

    I don’t want to use ‘unsafe-eval’. Is there a way to get the form working without touching the CSP?

    Thanks,
    Florian

Viewing 1 replies (of 1 total)

The topic ‘EvalError while ‘unsafe-eval’ disallowed by CSP’ is closed to new replies.
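
The top frame of the trace is in underscore.min.js: Underscore compiles templates with the `Function` constructor, which browsers treat like `eval` under CSP. The added example below (not from the thread or from Ninja Forms; the function names are illustrative) resolves which directive of the posted policy governs eval-like calls, and shows that the same policy still permits inline script.

```javascript
// Added example. POLICY is the header value from the post; parseCsp and
// evalVerdict are illustrative names, not part of any library.
const POLICY = "default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; " +
  "script-src 'self' 'unsafe-inline'; font-src 'self' data:; base-uri 'none'; " +
  "frame-ancestors 'none'; form-action 'self'; block-all-mixed-content";

// Parse a serialized policy into Map(directive name -> source list).
// Directive names are case-insensitive; a repeated directive is ignored
// (the first occurrence wins), as in the CSP parsing rules.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// eval(), new Function() and string-argument setTimeout() are governed by
// script-src, falling back to default-src. With neither directive present
// the policy does not restrict script at all.
function evalVerdict(policy) {
  const directives = parseCsp(policy);
  const governing = directives.has("script-src") ? "script-src"
    : directives.has("default-src") ? "default-src" : null;
  if (governing === null) return { governing, evalAllowed: true, inlineAllowed: true };
  const sources = directives.get(governing).map((s) => s.toLowerCase());
  // 'unsafe-inline' is ignored when a nonce, hash or 'strict-dynamic' is present.
  const overridesInline = sources.some((s) => /^'(nonce-|sha(256|384|512)-|strict-dynamic')/.test(s));
  return {
    governing,
    evalAllowed: sources.includes("'unsafe-eval'"),
    inlineAllowed: sources.includes("'unsafe-inline'") && !overridesInline,
  };
}

console.log(evalVerdict(POLICY));
```
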