Hi all,
I am working on a GWT application and facing issues with *Content Security Policy (CSP)*. Currently, GWT uses eval() (or similar dynamic code execution), which means I need to allow *unsafe-eval* in my CSP. Without this, the page does not load at all. This is causing repeated failures in application security scans, since unsafe-eval is considered a security risk. - Is there a way to remove or avoid unsafe-eval in GWT? - Does GWT provide a CSP-compliant compilation mode or configuration to handle this? - If yes, how can I enable it in my project (Maven/GWT config)? Any guidance or best practices to make GWT work with CSP without unsafe-eval would be really helpful. Thanks! -- You received this message because you are subscribed to the Google Groups "GWT Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/google-web-toolkit/006d142f-f80d-4b59-b67c-6bf3327a71d0n%40googlegroups.com.
