Add note on a Content Security Policy that is WASM-compatible

I was hitting some hard to debug WASM load issues in Chrome because I was using a restrictive CSP:

```html
<meta
  http-equiv="content-security-policy"
  content="default-src 'self'; script-src 'self'; object-src 'none';"
/>
```

This resulted in the following rather confusing WASM load error:

```
Uncaught (in promise) StorkError: Error while loading WASM at /stork.wasm
    at new t (storkError.ts:3:5)
    at wasmManager.ts:33:13
```

Apparently, in Chrome, you have to [add `wasm-unsafe-eval` or `wasm-eval`](https://github.com/WebAssembly/content-security-policy/issues/7) to load WASM:

```html
<meta
  http-equiv="content-security-policy"
  content="default-src 'self'; script-src 'self' 'wasm-unsafe-eval' 'wasm-eval'; object-src 'none';"
/>
```

One bummer is that, as far as I can tell, [this is currently unsupported in Safari](https://bugs.webkit.org/show_bug.cgi?id=197759). Safari requires you to add `unsafe-eval`, which is a no-go and essentially eliminates all safeties of a good CSP.

Can we add this info to the docs for the next person?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add note on a Content Security Policy that is WASM-compatible #248

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Add note on a Content Security Policy that is WASM-compatible #248

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions