fix: update csp headers in bridge ui (#1183)

2026-01-08 03:43:56 -05:00 · 2025-06-18 16:20:30 +02:00
parent 802851970d
commit cfa69b8146
1 changed files with 2 additions and 1 deletions
--- a/bridge-ui/src/middleware.ts
+++ b/bridge-ui/src/middleware.ts
@@ -6,7 +6,8 @@ export function middleware(request: NextRequest) {

  // We only want to allow unsafe-eval in local environment for NextJS dev server
  // We are required to use unsafe-inline with Cloudflare - https://developers.cloudflare.com/fundamentals/reference/policies-compliances/content-security-policies/#product-requirements
-  const unsafeScript = process.env.NEXT_PUBLIC_ENVIRONMENT === "local" ? "'unsafe-eval'" : "'unsafe-inline'";
+  // TODO: Remove unsafe-eval in production and replace with 'unsafe-inline'
+  const unsafeScript = process.env.NEXT_PUBLIC_ENVIRONMENT === "local" ? "'unsafe-eval'" : "'unsafe-eval'";

  /**
   * Content Security Policy (CSP) configuration: