APIDoc with NodeJS: EvalError while serving documentation page
Question
I'm using APIDoc to generate API documentation of my NodeJS app. I'm facing problem while serving generated index.html page: Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'". Screenshot of the problem message here How to solve this error?
I've tried turning off security and sending script-src 'self' in <meta> of this html page. All I need is a working form of this page.
1 answers
solution1
0 2022-03-23 09:53:59
You likely have three choices:
- Add 'unsafe-eval' to script-src, which will make it work, but you won't get the strictest CSP possible (but a lot better than not having a CSP at all).
- If it is your code that includes eval, setInterval, setTimeout or new Function, try to rewrite as suggested here: https://developers.google.com/web/fundamentals/security/csp#eval_too
- If the problems appear in third party code, see if it can be replaced in some way.
Adding another CSP in the meta tag won't help. All policies need to pass and you can only make it stricter by adding another policy.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.