ExcelJS: "Uncaught EvalError: 'unsafe-eval' is not an allowed source of script in the following Content" in Angular App

Question

I have deployed Angular Application that uses ExcelJS library on IIS server. My current security policy forces me to return below header in IIS Http Response

content-security-policy: script-src 'self';img-src 'self'

With this setting, angular app is not loading and giving following error.

exceljs.js:87162 Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Is there any way to override Http Response security Policy. I tried to add content security policy using But it did not work.

Could anyone please suggest how to run ExcelJS with strict content security policy?

score 2 · Answer 1 · answered Jun 06 '22 at 03:37

Resolved by using below Steps:

First include import regenerator-runtime before exceljs import

import 'regenerator-runtime/runtime';
import { Workbook } from 'exceljs';

2nd go to tsconfig.json and include bare version of exceljs path after "compileOnSave":false

"exceljs": [
        "node_modules/exceljs/dist/exceljs.bare.min.js"
]

ExcelJS: "Uncaught EvalError: 'unsafe-eval' is not an allowed source of script in the following Content" in Angular App

1 Answers1