Add wasm-unsafe-eval

For cases that WebAssembly execution is required but unsafe-eval is too permissive. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#unsafe_webassembly_execution
josh-hemphill · Dec 19, 2024 · 9d6167e · 9d6167e
1 parent 6e2cbc6
commit 9d6167e
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/csp.types.ts b/src/csp.types.ts
@@ -29,7 +29,7 @@ type HttpDelineators = typeof httpDelineators[number];
 type UriPath = `${HttpDelineators}${string}`
 
 // Base Source Directives
-export const baseSources = ['self', 'unsafe-eval', 'unsafe-hashes', 'unsafe-inline', 'none', '*'] as const;
+export const baseSources = ['self', 'unsafe-eval', 'wasm-unsafe-eval', 'unsafe-hashes', 'unsafe-inline', 'none', '*'] as const;
 type BaseSources = typeof baseSources[number]
 
 // Combined all source directives