fcl forces us to use a less secure content-security-policy #775
Comments
orodio
added
the
gRPC Adjacent
|
Protobuf issue probably: protocolbuffers/protobuf-javascript#25 |
|
This also seems to be an issue for using fcl from inside of a browser extension. cc: @gregsantos |
|
I have the same problem. Any workaround? |
|
This was merged on Oct 15th and was included in google-protobuf@3.19.1 Updating google-protobuf version to @^3.19.1 should be able to fix this |
|
Hmm ok seems like google-protobuf@3.19.1 still hasn't fixed all CSP unsafe-eval issues |
|
I think REST api is very soon will solve all this problems. |
|
@orodio @gregsantos Any update on this? It is preventing the use of the JS SDK in contexts where it would be very useful, such as Cloudflare Workers and browser extensions. Where can I find information/follow progress on the REST api? |
|
@mikeylemmon The HTTP API has been released on testnet and mainet! https://rest-testnet.onflow.org/v1/ https://rest-mainnet.onflow.org/v1/ The SDK transport modules have moved into their own packages. More details available in the SDK CHANGELOG and on the Docs Site at onflow.org |
Instructions
Please fill out the template below to the best of your ability and include a label indicating which tool/service you were working with when you encountered the problem.
Problem
@onflow/protobufcallsevalin it. this is why my project is forced to allowunsafe-evalin our content-security-policy.Steps to Reproduce
npm installnpm run build && npm run startand expect to see csp errors in the console.fclwas added...npm run build && npm run startand the application will execute.Acceptance Criteria
fcldo not need to allowunsafe-evalContext
n/a
The text was updated successfully, but these errors were encountered: