Module import requires unsafe-eval in script content security policy directive

Moved from GitHub dgraph-js/115

Posted by zangornjak:

I’m trying to import the module in an Electron application with a recommended Content Security Policy of script-src 'self' but it prevents loading of the module with the error below.

It loads if I add 'unsafe-eval' to the policy, but I get reminded of the security risk.

Is there a way around this or should an Electron application use the dgraph-js-http package instead? I’ve read in this blog post that “For many use cases, the difference in performance is negligible”.

Would that apply to an Electron application using a single Dgraph instance locally?

dgraph-js: 20.3.0

prashant-shahi commented :

I would recommend you use to dgraph-js-http instead.

You can check out this sample electron app which makes use of dgraph-js-http client.

zangornjak commented :

Thank you for the fast response and for providing an example I can work off of! :man_dancing:

I was hoping for the dgraph-js-http recommendation to avoid the electron-rebuild and electron@9.0.0-beta.5-6 onwards context aware requirement for grpc which I’d have ran head first into.