Join the Webstudio community

Updated 2 months ago

Unsafe-eval Error and Lighthouse Charset declaration Issue

At a glance

The community member has published a website using Web Studio and is encountering issues. The main problems are:

1. A Content Security Policy (CSP) error that prevents inline scripts from executing, and the community member does not want to use unsafe-inline or unsafe-eval in the CSP.

2. A Google Lighthouse score of 89 on best practices, partially due to the CSP error and a missing character encoding declaration.

The community members in the comments suggest trying the website in privacy mode, which resolves the CSP error. However, the character encoding declaration issue remains. The community members also ask the original poster to share the project links for further assistance.

There is no explicitly marked answer in the provided information.

Useful resources

Hi,

I've just signed up, selected a template and published. I then visited the url and can see errors in the console.log;

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval' 'inline-speculation-rules' chrome-extension://a62064e7-87f0-4435-9f7f-5a2ee6b79330/". Either the 'unsafe-inline' keyword, a hash ('sha256-lbU2xf8sKFm1dCrsJ2t1ps10s7gdmSeM679my0eS9nU='), or a nonce ('nonce-...') is required to enable inline execution.

I will be self hosting and I do not want to allow any unsafe-inline or unsafe-eval in my CSP.

Also, Google Lighthouse is only scoring an 89 on best practises, partially due to the above error and also due to 'Charset declaration is missing or occurs too late in the HTML'.

Any help and clarification on CSP requirements for Web Studio would be greatly appreciated before I take time recreating a website from WP.

Thanks

Steve

O
S
2 comments·1 reply
Hi pls share the project you made via share link
Both builder link and the published site pls. Also please try in privacy mode, the error sounds like an issue with of your extensions.

Thanks, yes the privacy mode resolves the error. but I still have the;

A character encoding declaration is required. It can be done with a <meta> tag in the first 1024 bytes of the HTML or in the Content-Type HTTP response header.

Also please confirm that CSP does not need unsafe-eval or unsafe-inline for a website created via web studio?

https://marketplace-portfolio-bklj4.wstd.io/

https://p-eb903313-9dc1-4d94-8259-d2fcc3b8cf25.apps.webstudio.is/?authToken=a246008f-2cc2-4c0f-a47d-0f3fc8c2ae64&mode=preview