- Issue created by @Emil Stoianov
The module library cookieControlSettings.js is requires unsafe-eval
Enabling the module together with
https://www.drupal.org/project/csp →
generates an error
Content-Security-Policy: The page’s settings blocked a JavaScript eval (script-src) from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline' https://cc.cdn.civiccomputing.com/9/cookieControl-9.x.min.js” (Missing 'unsafe-eval')
Update the library so it does not require the usage of eval()
Active
4.6
Code
It is used for security vulnerabilities which do not need a security advisory. For example, security issues in projects which do not have security advisory coverage, or forward-porting a change already disclosed in a security advisory. See Drupal’s security advisory policy for details. Be careful publicly disclosing security vulnerabilities! Use the “Report a security vulnerability” link in the project page’s sidebar. See how to report a security issue for details.