Refused to compile or instantiate WebAssembly module because 'unsafe-eval' is not an allowed

[aytacg26]

In the development of our web application, we incorporated React-PDF for the generation of PDF reports. Following the establishment of Content Security Policy (CSP) and the subsequent deployment of the application to the production environment, an issue emerged. Specifically, warnings were encountered, and the generation of any PDF reports within the application ceased. This development has proven to be a notable setback and a source of disappointment.

It is evident that the underlying problem, as indicated by the warning message, pertains to the 'unsafe-eval' restriction within the Content Security Policy directive. This restriction prevents the compilation or instantiation of the WebAssembly module required by the React-PDF renderer. While this challenge may be recognized within the developer community, it is suggested that an upfront warning be prominently featured at the commencement of the React-PDF renderer documentation or webpage. Such proactive communication would assist developers in anticipating and mitigating this issue during the integration of React-PDF into their applications.

Refused to compile or instantiate WebAssembly module because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: wasm-async-web.js:63

[sneko]

@aytacg26 did you succeed solving this with safe rules instead of allowing unsafe-eval?

cc @diegomura if you have any thought on this.

[RiccardoRiggi]

I have the same problem... I opened this: #3043

[sneko]

@RiccardoRiggi since I had a server serving the frontend, I moved the PDF logic generation on it (since the backend was in JS too, it was quite simple).

But it's not a solution for people who wants 100% frontend...