Hello,
I have a javascript element action that I need to run when a button is clicked. I have created the onclick action on the button and added the necessary JS code to be triggered. My site has a content security policy configured and it appears that when the button is clicked builder tries to execute the JS and attempts to evaluate the JS string as a script. This is blocked by the CSP as string to code evaluation is very insecure.
How can I get around this without explicitly allowing unsafe-eval? Why are JS resources not served from your CDN which could added to my script-src in the CSP?
Stack is Angular 10 with SSR.