Is unsafe-eval in manifest.json needed? #104

Open
aguynamedben opened this issue Aug 24, 2021 · 3 comments

@aguynamedben

Thank you for making this boilerplate available. It's been very helpful.

We submitted an extension based on this repo to Microsoft Edge, and we got this recommendation in our feedback:
[Screenshot: 2021-08-24_15-16-46]

Why is unsafe-eval needed in manifest.json? I can't see why it's needed here. There are no eval()s in the codebase.

@aguynamedben

Location of unsafe-eval:

"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'"

@hexgnu

hexgnu commented Nov 15, 2021

When you run yarn build using NODE_ENV=development it will package it up using an eval in webpack. If you try NODE_ENV=production yarn build and remove the unsafe eval it should actually work as expected.

@jcnventura

The unsafe-eval needs to be removed in 2022, since Chrome will stop accepting Manifest V2 extensions, and V3 extensions are not allowed to use unsafe-eval in the content_security_policy.
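
Added example, not part of the thread or of the boilerplate's own code: a pre-submission check that reports whether a manifest's CSP still permits `eval()`, covering both the Manifest V2 string form quoted above and the Manifest V3 object form (`extension_pages`). The function names `parseCsp` and `findUnsafeEval` and the sample manifests are constructed for illustration.

```javascript
'use strict';

// Split a CSP string into { directive: [source, ...] }, lower-cased.
function parseCsp(policy) {
  const directives = Object.create(null);
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (!name) continue;
    const key = name.toLowerCase();
    // A repeated directive is ignored by browsers; keep the first one.
    if (!(key in directives)) directives[key] = sources.map((s) => s.toLowerCase());
  }
  return directives;
}

// Return the names of manifest CSP entries whose script policy allows eval().
function findUnsafeEval(manifest) {
  const csp = manifest.content_security_policy;
  if (csp === undefined || csp === null) return [];
  // Manifest V2: one string. Manifest V3: object of named policies.
  const policies = typeof csp === 'string' ? { content_security_policy: csp } : csp;
  const findings = [];
  for (const [where, policy] of Object.entries(policies)) {
    if (typeof policy !== 'string') continue;
    const d = parseCsp(policy);
    // script-src falls back to default-src when it is absent.
    const sources = d['script-src'] || d['default-src'] || [];
    if (sources.includes("'unsafe-eval'")) findings.push(where);
  }
  return findings;
}

// Constructed sample manifests; the V2 policy string is the one quoted in this issue.
const manifestV2 = {
  manifest_version: 2,
  content_security_policy: "script-src 'self' 'unsafe-eval'; object-src 'self'",
};
const manifestV3 = {
  manifest_version: 3,
  content_security_policy: { extension_pages: "script-src 'self'; object-src 'self'" },
};

console.log('V2 findings:', findUnsafeEval(manifestV2));
console.log('V3 findings:', findUnsafeEval(manifestV3));
```

In a build pipeline, load the packaged `manifest.json`, pass the parsed object to `findUnsafeEval`, and fail the build when the returned list is non-empty.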
