Remove unsafe-eval from debug page and docs

WPMedia · Jan 3, 2018 · ba24af8 · ba24af8
1 parent 315879c
commit ba24af8
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/debug/csp.html b/debug/csp.html
@@ -2,7 +2,7 @@
 <html>
 <head>
     <title>Mapbox GL JS debug page</title>
-    <meta http-equiv="Content-Security-Policy" content="worker-src blob: ; img-src data: blob: ; script-src http: 'nonce-dummy' 'unsafe-eval'; connect-src https://*.tiles.mapbox.com https://api.mapbox.com">
+    <meta http-equiv="Content-Security-Policy" content="worker-src blob: ; img-src data: blob: ; script-src http: 'nonce-dummy'; connect-src https://*.tiles.mapbox.com https://api.mapbox.com">
     <meta charset='utf-8'>
     <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no">
     <link rel='stylesheet' href='/dist/mapbox-gl.css' />

diff --git a/docs/components/quickstart.js b/docs/components/quickstart.js
@@ -136,7 +136,7 @@ export default class extends React.Component {
                             a <a href='https://developer.mozilla.org/en-US/docs/Web/Security/CSP'>Content Security Policy (CSP)</a> to
                             specify security policies for your website. If you do, Mapbox GL JS requires the following CSP
                             directives:</p>
-                        <pre><code>{`child-src blob: ;\nimg-src data: blob: ;\nscript-src 'unsafe-eval' ;`}</code></pre>
+                        <pre><code>{`child-src blob: ;\nimg-src data: blob: ;`}</code></pre>
 
                         <p>Requesting styles from Mapbox or other services will require additional
                             directives. For Mapbox, you can use this <code>connect-src</code> directive:</p>