This repository was archived by the owner on Mar 5, 2025. It is now read-only.

Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script #1285

Closed
Suhail opened this issue Jan 10, 2018 · 3 comments

Comments

@Suhail

Suhail commented Jan 10, 2018

With the following Content Security Policy directive: "default-src 'self'"

The following becomes an issue:

/**
 * @file givenProvider.js
 * @author Fabian Vogelsteller <[email protected]>
 * @date 2017
 */

"use strict";

var givenProvider = null;

// ADD GIVEN PROVIDER
/* jshint ignore:start */
var global = Function('return this')(); // <--- THIS

I think it's important to be able to have strict security policies since XSS can easily become rampant across web pages and have devastating effects on users.

@li-dennis

This is causing an issue for me as well. I am working on a chrome extension dApp with a similarly strict security policy in its manifest.

@williamchong

+1, this is causing me an issue when I am working on CSP.
Was there a reason that line was written like that in the first place?
Removing it seems totally fine for my application.

@bokysan

bokysan commented Mar 4, 2021

This fix is not good enough: it continues to spam our report logs with errors every time the page is loaded.

Is there any specific reason it can't simply be:

global = window;
