CSP Error

jeromes54875815

03-08-2018

ERROR EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' assets.adobedtm.com".

    at new Function (<anonymous>)

    at t.init (satelliteLib-3083d39de3b1695199f0f543f01765b031bcb8d7-staging.js:4)

    at Location._satellite.init.pageLoadRules.trigger.arguments (satelliteLib-3083d39de3b1695199f0f543f01765b031bcb8d7-staging.js:4)

    at satelliteLib-3083d39de3b1695199f0f543f01765b031bcb8d7-staging.js:3

    at satelliteLib-3083d39de3b1695199f0f543f01765b031bcb8d7-staging.js:3

    at Object.each (satelliteLib-3083d39de3b1695199f0f543f01765b031bcb8d7-staging.js:2)

    at b.executeCustomSetupFuns (satelliteLib-3083d39de3b1695199f0f543f01765b031bcb8d7-staging.js:3)

    at b.$trackPageView (satelliteLib-3083d39de3b1695199f0f543f01765b031bcb8d7-staging.js:3)

    at b.triggerCommand (satelliteLib-3083d39de3b1695199f0f543f01765b031bcb8d7-staging.js:2)

    at b.flushQueueExceptTrackLink (satelliteLib-3083d39de3b1695199f0f543f01765b031bcb8d7-staging.js:3)

Does anyone perhaps have a means to resolve this error?

It seems to fail irrespective of the variant attempted and the biggest issue seems to be the use of unsafe-eval and unsafe-inline.

e.g.

"default-src 'self' 'unsafe-inline' *.adobedtm.com *.sc.omtrdc.net; font-src 'self' data:; img-src 'self' data: *.sc.omtrdc.net;"

or

script-src * data: https://xxxxxxxxxx 'unsafe-eval'; in the content-string to script-src * data: https://xxxxxx 'unsafe-inline' 'unsafe-eval';

Accepted Solutions (0)

Answers (0)