From e7402b3feb1184645d2dbc1afaafcea4bb3f0938 Mon Sep 17 00:00:00 2001
From: Gerhard Schlager
Date: Sat, 14 Dec 2019 22:36:39 +0100
Subject: [PATCH] DEV: Allow `unsafe-eval` in development mode

It's needed because of this: https://github.com/discourse/discourse/blob/5f1e346e1622722626e6f10df4363474016b20dd/lib/source_url.rb#L18-L24
---
 lib/content_security_policy/default.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/content_security_policy/default.rb b/lib/content_security_policy/default.rb
index 7a6f1d24a5..d0c8203dd5 100644
--- a/lib/content_security_policy/default.rb
+++ b/lib/content_security_policy/default.rb
@@ -51,6 +51,7 @@ class ContentSecurityPolicy
 "#{base_url}/mini-profiler-resources/",
 *script_assets
 ].tap do |sources|
+ sources << :unsafe_eval if Rails.env.development? # TODO Remove this when we stop using `eval` in development mode
 sources << 'https://www.google-analytics.com/analytics.js' if SiteSetting.ga_universal_tracking_code.present?
 sources << 'https://www.googletagmanager.com/gtm.js' if SiteSetting.gtm_container_id.present?
 end
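Review bot: The added `sources << :unsafe_eval if Rails.env.development?` line makes the development script-src looser than the policy served in production, so code that depends on `eval` (in core, a plugin or a theme) will run locally and only hit a CSP violation after deployment. The inline TODO does not say which `eval` it is waiting on; the commit message points at lib/source_url.rb, so the comment could read `# TODO: remove once lib/source_url.rb no longer needs eval in development` and sit on its own line above the statement. A spec asserting that the generated script-src contains no `'unsafe-eval'` outside development would keep the exemption from widening unnoticed. The enclosing method begins above the hunk, so how the symbol is rendered into the header is not visible here.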