neuron-technologies/neuron-web
2
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

add unsafe-eval to CSP (El native_js compatibility) #88

Merged
will.anderson merged 1 commits from fix/stage-ci-paths into dev 2026-05-11 16:44:57 +00:00
Conversation 0 Commits 1 Files Changed 1
+3 -3
will.anderson commented 2026-05-11 16:44:46 +00:00
Owner
Copy Link
Copy Source

El runtime native_js() compiles to eval(). checkout-auth.el uses it for all auth logic. CSP was blocking eval, leaving window.showSignIn / window.initStripe undefined and all checkout E2E tests failing.

El runtime native_js() compiles to eval(). checkout-auth.el uses it for all auth logic. CSP was blocking eval, leaving window.showSignIn / window.initStripe undefined and all checkout E2E tests failing.
will.anderson added 1 commit 2026-05-11 16:44:48 +00:00
add unsafe-eval to CSP for El runtime native_js() compatibility
Dev — Build & local smoke test / build-smoke (pull_request) Successful in 3m9s
Details
90f7c3655e 
El's native_js() compiles to eval(). checkout-auth.el uses native_js()
to embed the auth logic, so all window globals (showSignIn, initStripe,
etc.) live inside an eval call. Stage CSP was blocking it, leaving the
page with no auth functions defined.
will.anderson merged commit acca3cfddf into dev 2026-05-11 16:44:57 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No labels
Milestone
No items
No Milestone
Projects
Clear projects
No projects
Assignees
Clear assignees
tim.lingo (Tim Lingo) will.anderson (Will Anderson)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: neuron-technologies/neuron-web#88
Delete Branch "fix/stage-ci-paths"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?