Unsafe-eval in Vue 3


I am working on a SPA using vue3 that is built using the vue-cli.
Our security team has mandated a strict Content Security Policy that does not allow unsafe-eval. Checked some online forums and it was mentioned that eval is internally by vue framework

Need a solution to remove unsafe-eval from the CSP Headers. Below is the error in console

So, basically you enforce your website to use an optional security rule, and at the same time you don’t want the website to use it? :smiley:

But your SPA, does it really need to contain the Vue template compiler? I imagine the Vue template compiler won’t be used at runtime if you build your Vue SPA first, and then run it. Could that be an option?