fix: only permit unsafe-eval for non-production builds

reown-com · Jul 8, 2024 · 0de5329 · 0de5329
1 parent c0da801
commit 0de5329
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/apps/laboratory/next.config.js b/apps/laboratory/next.config.js
@@ -2,7 +2,7 @@
 // Keep in-sync with https://docs.walletconnect.com/advanced/security/content-security-policy
 const cspHeader = `
   default-src 'self';
-  script-src 'self' 'unsafe-inline';
+  script-src 'self' 'unsafe-inline' ${process.env.NODE_ENV === 'production' ? '' : "'unsafe-eval'"};
   style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
   img-src 'self' data: blob: https://walletconnect.org https://walletconnect.com https://secure.walletconnect.com https://secure.walletconnect.org https://tokens-data.1inch.io https://tokens.1inch.io https://ipfs.io https://lab.web3modal.com;
   font-src 'self' https://fonts.gstatic.com;