CSP violation #32197
Labels
Status: Unconfirmed
A potential issue that we haven't yet confirmed as a bug
Comments
AnaghaForBike
added
the
Status: Unconfirmed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As per guidelines from security team, framework team wants to enable Content Security Policy (CSP ) at the gateway layer to enforce good web-security practice. In 2412, framework team evaluated the impact of enabling lenient CSP at the gateway layer. As part of this exercise, we enabled CSP in the gateway layer in Report only mode and collected all CSP violations. we found that
node_modules/react-dom/cjs/react-dom-server-legacy.browser.development.js
node_modules/react-dom/cjs/react-dom-server-legacy.browser.production.min.js
node_modules/react-dom/cjs/react-dom-server-legacy.node.development.js
node_modules/react-dom/cjs/react-dom-server.browser.development.js
node_modules/react-dom/cjs/react-dom-server.node.development.js
node_modules/react-dom/umd/react-dom-server-legacy.browser.development.js
node_modules/react-dom/umd/react-dom-server-legacy.browser.production.min.js
node_modules/react-dom/umd/react-dom-server.browser.development.js
is using eval/dynamic function which is flagged as CSP violation. To fix this, we need to replace usage of eval/dynamic function with something safe.
The text was updated successfully, but these errors were encountered: