简体   繁体   中英

ExcelJS: "Uncaught EvalError: 'unsafe-eval' is not an allowed source of script in the following Content" in Angular App

I have deployed Angular Application that uses ExcelJS library on IIS server. My current security policy forces me to return below header in IIS Http Response

content-security-policy: script-src 'self';img-src 'self'

With this setting, angular app is not loading and giving following error.

exceljs.js:87162 Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Is there any way to override Http Response security Policy. I tried to add content security policy using But it did not work.

Could anyone please suggest how to run ExcelJS with strict content security policy?

Resolved by using below Steps:

First include import regenerator-runtime before exceljs import

import 'regenerator-runtime/runtime';
import { Workbook } from 'exceljs';

2nd go to tsconfig.json and include bare version of exceljs path after "compileOnSave":false

"exceljs": [
        "node_modules/exceljs/dist/exceljs.bare.min.js"
]

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM