fix(discussable): added unsafe eval to script src

n3rdc4ptn · n3rdc4ptn · commit 691c39d67d1d · 2025-09-03T16:18:30.000+02:00
diff --git a/server.ts b/server.ts
@@ -95,7 +95,9 @@ fastify.register(helmet, {
   contentSecurityPolicy: {
     directives: {
       'connect-src': ["'self'", 'sdk.openui5.org', sentryHost, dynatraceOrigin],
-      'script-src': isLocalDev ? ["'self'", "'unsafe-inline'", dynatraceOrigin] : ["'self'", dynatraceOrigin],
+      'script-src': isLocalDev
+        ? ["'self'", "'unsafe-inline'", "'unsafe-eval'", sentryHost, dynatraceOrigin]
+        : ["'self'", "'unsafe-eval'", sentryHost, dynatraceOrigin],
       // @ts-ignore
       'frame-ancestors': [...fastify.config.FRAME_ANCESTORS.split(',')],
     },
