Facebook Javascript SDK and CSP

Question

Facebook Javascript SDK and CSP

I am trying to use the Facebook Javascript SDK in my web application that I am protecting with CSP. I added “connect.facebook.net” to my CSP list “script-src” and the SDK is loading.

But it looks like the SDK is trying to evaluate the string as Javascript

_{(source: free.fr )}

How can I use the Facebook SDK without adding "unsafe-eval" to my CSP? Is there a version of this SDK for CSP?

Thank :)

+4

javascript facebook sdk content-security-policy

user1534422 Aug 08 '14 at 5:54

source share

No one has answered this question yet.

See related questions:

7649

How do JavaScript locks work?

7494

How to remove a specific element from an array in JavaScript?

7432

How to check if a string contains a substring in JavaScript?

7287

What does use strict do in JavaScript, and what are the reasons for this?

5722

How to remove a property from a JavaScript object?

5670

Which operator is equal (== vs ===) should be used in comparing JavaScript?

5101

What is the most efficient way to deeply clone an object in JavaScript?

4829

How to include a javascript file in another javascript file?

4380

For each array in javascript?

3842

Create GUID / UUID in JavaScript?

Facebook Javascript SDK and CSP

More articles: