Hello GoodData :wave: I was trying to set up stric...
# gooddata-ui
Hello GoodData 👋 I was trying to set up stricter content security policy headers and found out that your code, or one of the npm packages you’re using is using
. here’s the error with the stack trace:
Copy code
chunk-Q3OU4L6H.js:67 Uncaught (in promise) EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'unsafe-inline' 'self'.

    at Formatter.createFunction (chunk-Q3OU4L6H.js:67:534)
    at Object.numberFormat (chunk-Q3OU4L6H.js:92:540)
    at NNi (chunk-Q3OU4L6H.js:1910:47324)
    at Object.y9s [as getMeasureCellFormattedValue] (chunk-Q3OU4L6H.js:1910:47509)
    at TFs (chunk-Q3OU4L6H.js:1910:76675)
    at rWi (chunk-Q3OU4L6H.js:1910:76861)
    at chunk-Q3OU4L6H.js:1910:77761
    at Array.forEach (<anonymous>)
    at n (chunk-Q3OU4L6H.js:1910:77685)
    at qFs (chunk-Q3OU4L6H.js:1910:78003)
The offending line of code is:
return eval("(function() { return function(number, context){" + formatCode + "}; })()")
Is the use of eval necessary? Any chance this is fixed in sdk 9?
👀 1
Hi Tomáš, I have good and bad news 🙂 Good news first, the SDK team is aware and working on this as we speak! The bad news being that it's not ready yet, and will still take a little bit of a time to arrive at a solution that works for everyone.
👍 1