From ba24af8af49413f880ad7375781adf069233268b Mon Sep 17 00:00:00 2001
From: John Firebaugh <john.firebaugh@gmail.com>
Date: Tue, 2 Jan 2018 12:36:01 -0800
Subject: [PATCH] Remove unsafe-eval from debug page and docs

---
 debug/csp.html                | 2 +-
 docs/components/quickstart.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/debug/csp.html b/debug/csp.html
index 10d1cd258f2..1cfb6533989 100644
--- a/debug/csp.html
+++ b/debug/csp.html
@@ -2,7 +2,7 @@
 <html>
 <head>
     <title>Mapbox GL JS debug page</title>
-    <meta http-equiv="Content-Security-Policy" content="worker-src blob: ; img-src data: blob: ; script-src http: 'nonce-dummy' 'unsafe-eval'; connect-src https://*.tiles.mapbox.com https://api.mapbox.com">
+    <meta http-equiv="Content-Security-Policy" content="worker-src blob: ; img-src data: blob: ; script-src http: 'nonce-dummy'; connect-src https://*.tiles.mapbox.com https://api.mapbox.com">
     <meta charset='utf-8'>
     <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no">
     <link rel='stylesheet' href='/dist/mapbox-gl.css' />
diff --git a/docs/components/quickstart.js b/docs/components/quickstart.js
index 8a001a6df27..ad419528d90 100644
--- a/docs/components/quickstart.js
+++ b/docs/components/quickstart.js
@@ -136,7 +136,7 @@ export default class extends React.Component {
                             a <a href='https://developer.mozilla.org/en-US/docs/Web/Security/CSP'>Content Security Policy (CSP)</a> to
                             specify security policies for your website. If you do, Mapbox GL JS requires the following CSP
                             directives:</p>
-                        <pre><code>{`child-src blob: ;\nimg-src data: blob: ;\nscript-src 'unsafe-eval' ;`}</code></pre>
+                        <pre><code>{`child-src blob: ;\nimg-src data: blob: ;`}</code></pre>
 
                         <p>Requesting styles from Mapbox or other services will require additional
                             directives. For Mapbox, you can use this <code>connect-src</code> directive:</p>