React app & CSP

What is the best practice to make your React app work when a Content Security Policy header is set?
If I set the header Content-Security-Policy: script-src 'self'; I get an EvalError because 'unsafe-eval' is not allowed. And as I've read, enabling 'unsafe-eval' and 'unsafe-inline' is a very bad practice which should be avoided. So what are my options here? Is using a hash or a nonce my only option?

1 Like

Did you manage to find a solution to this? I’m searching for the same thing!

Did you find any solutions for this? I have been researching how to apply a safe CSP. And references would be appreciated.