Breeze JS errors with Content Security Policy

With Breeze JS and a strict Content Security Policy I get the error Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive.

Is there a way to fallback without 'unsafe-eval' the same way AngularJS does with https://docs.angularjs.org/api/ng/directive/ngCsp?

Solution

Breeze uses Function(string) in order to make constructor functions for entities that have the same name as the entity. This is purely to make debugging easier, and is not an essential feature.

It should be possible to remove the reliance on Function(string) in the next version of Breeze. In the meantime, you can patch your version using:

function createEmptyCtor(type) {
    return function(){};
}

Or minified as in your comment above:

function t(e) { return function(){}; }

Breeze js Paging with expand properties
How to ignore duplicate Breeze SaveChanges calls
Only getting one child observable when I retrieve complete objects graph
Laravel breeze react app, changing AuthenticatedLayout does not take effect
Issue with Crypt Facades on user email in forgot password feature Laravel 11 Breeze Package
How to trigger table update when email is successfully verified on laravel breeze?
Error with postcss.config.js when installing Laravel Jetstream with Livewire
What is the best way for integrating Vue.js in Laravel projects: Inertia.js or Laravel UI?
Npm run dev stuck at APP_URL
Breeze JS Cache Limits?
installation of breeze in laravel 10 gives module error
Laravel: Error in installing laravel breeze
error "Your requirements could not be resolved to an installable set of packages" appears when installing laravel breeze on laravel 9
"EnableBreezeQuery is not an attribute" error message
Laravel Breeze (vue) and Homestead - npm run dev and HMR not working
Matrix-vector multiplication prints java version in stdout
How to change 'users' auth table and use another instead Laravel
BreezeJs Ef Core migration problems
Assign new values in a Breeze entity
TypeScript in combination with BreezeJS
Data won't show on page when postback
display returning value from post
Axios requests front-end instead of server
Problems with BreezeJS + EF Core + Table Valued Functions
Why Laravel error messages are not correct in my app ? = ex: validation.min.string
laravel breeze authentication failed in request file but it's returns authenticated user in controller
Laravel returning email not verified even it is verified
Breeze "IN" operator causes server side error
Deserializing DbGeometry with Newtonsoft.Json
Scala breeze.linalg Densematrix: unable to assign columns