Skip to content

Using eval for detecting server code throws CSP error #4212

New issue
New issue
Open
Open
Using eval for detecting server code throws CSP error#4212
@shimi-malka-mh

Description

@shimi-malka-mh
shimi-malka-mh
opened on Dec 15, 2025

Import @builder.io/react version 8.2.9 to main index.js and just render it on a browser throws
Content Security Policy of your site blocks the use of 'eval' in JavaScript
even if we are not using any of the builder code and just import the builder module.

the callstack point on this

            try {
                serverOnlyRequire = eval("require")
            } catch (e) {
                serverOnlyRequire = function() {
                    return null
                }
            }

which is using eval for checking if this is server only instead of checking window is undefined first.

Can you fix it please ?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions