5

I have deployed Angular Application that uses ExcelJS library on IIS server. My current security policy forces me to return below header in IIS Http Response

content-security-policy: script-src 'self';img-src 'self'

With this setting, angular app is not loading and giving following error.

exceljs.js:87162 Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Is there any way to override Http Response security Policy. I tried to add content security policy using But it did not work.

Could anyone please suggest how to run ExcelJS with strict content security policy?

Improve this question

1 Answer 1

Reset to default
2

Resolved by using below Steps:

First include import regenerator-runtime before exceljs import

import 'regenerator-runtime/runtime';
import { Workbook } from 'exceljs';

2nd go to tsconfig.json and include bare version of exceljs path after "compileOnSave":false

"exceljs": [
        "node_modules/exceljs/dist/exceljs.bare.min.js"
]
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.