I am trying to set CSP headers in my Vue 2.0 app and I have a problem with ‘eval’ policy.
When I use ‘unsafe-eval’ - it’s all working fine. But when I get rid of it (I know I should) my scripts stop working. There are no errors in console. But if I put eval() somewhere in my code (intentionally, for testing) I get error in console.
I searched whole project (including libs) for “eval” and “new Function” but I can’t find any usage of them.
So maybe there are some other functions which meet ‘eval’ rules? I am using Vue, but my code is built with Browserify + vueify.