use with wasm-bindgen triggers CSP error

[evq]

Due to let this = Function::new("return this").call(&JsValue::undefined()); I'm currently seeing an error using a sensible CSP:

EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'wasm-eval'".

js_sys uses a more involved method to fetch the global object that eventually falls back to the unsafe version.
https://rustwasm.github.io/wasm-bindgen/api/src/js_sys/lib.rs.html#4450-4523

Can either js_sys be added as a dependency or this logic (or a subset) be reproduced here?

[josephlr]

Good find @evq I’m working on a patch to fix this for the bindgen target. I think we should be using js_sys at the very least.