diff --git a/lib/csp.js b/lib/csp.js index 08efdd795..74404413c 100644 --- a/lib/csp.js +++ b/lib/csp.js @@ -5,8 +5,7 @@ const CspStrategy = {} const defaultDirectives = { defaultSrc: ['\'self\''], - scriptSrc: ['\'self\'', 'vimeo.com', 'https://gist.github.com', 'www.slideshare.net', '\'unsafe-eval\''], - // ^ TODO: Remove unsafe-eval - webpack script-loader issues https://github.com/hackmdio/codimd/issues/594 + scriptSrc: ['\'self\'', 'vimeo.com', 'https://gist.github.com', 'www.slideshare.net'], imgSrc: ['*'], styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://github.githubassets.com'], // unsafe-inline is required for some libs, plus used in views fontSrc: ['\'self\'', 'data:', 'https://public.slidesharecdn.com'], diff --git a/webpack.dev.js b/webpack.dev.js index 7c7edb614..3b0293d69 100644 --- a/webpack.dev.js +++ b/webpack.dev.js @@ -6,9 +6,9 @@ module.exports = [ // merge common config merge(common, { mode: 'development', - devtool: 'eval-cheap-module-source-map' + devtool: 'cheap-module-source-map' }), merge(htmlexport, { mode: 'development', - devtool: 'eval-cheap-module-source-map' + devtool: 'cheap-module-source-map' })]