Module import requires unsafe-eval in script content security policy directive

diggy · April 27, 2020, 2:47am

Moved from GitHub dgraph-js/115

I’m trying to import the module in an Electron application with a recommended Content Security Policy of script-src 'self' but it prevents loading of the module with the error below.

It loads if I add 'unsafe-eval' to the policy, but I get reminded of the security risk.

Is there a way around this or should an Electron application use the dgraph-js-http package instead? I’ve read in this blog post that “For many use cases, the difference in performance is negligible”.

Would that apply to an Electron application using a single Dgraph instance locally?

dgraph-js: 20.3.0

diggy · April 28, 2020, 2:26pm

prashant-shahi commented :

I would recommend you use to dgraph-js-http instead.

You can check out this sample electron app which makes use of dgraph-js-http client.

diggy · April 28, 2020, 3:27pm

zangornjak commented :

Thank you for the fast response and for providing an example I can work off of!

I was hoping for the dgraph-js-http recommendation to avoid the electron-rebuild and electron@9.0.0-beta.5-6 onwards context aware requirement for grpc which I’d have ran head first into.

Topic		Replies	Views
No default ES module export when using `import dgraph from "dgraph-js"` Dgraph Clients untagged , dgraph-js	2	449	July 11, 2020
ERR_NO_CLIENTS with a DgraphClientStub provided Issues untagged , dgraph-js-http	2	520	July 11, 2020
Problems using dgraph-js-http and dgraph-js with VUE App Development dgraph-js-http , vuejs	3	746	July 11, 2020
Security Vulnerabilities (6124) in Ratel dependent modules Ratel status:accepted , kind:bug , ratel , area:security , ticket:created	0	639	May 17, 2021
Importing Dgraph 1.0.3 as dependency in "dep" Users	3	609	March 15, 2018

Module import requires unsafe-eval in script content security policy directive

Related topics