From f9d254b3e18ed97ddd0b6e8c23e94ca159a01829 Mon Sep 17 00:00:00 2001
From: Ry0taK <49341894+Ry0taK@users.noreply.github.com>
Date: Sat, 11 Feb 2023 12:50:03 +0000
Subject: [PATCH] =?UTF-8?q?unsafe-eval=E3=82=92=E5=89=8A=E9=99=A4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 packages/backend/src/server/web/ClientServerService.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/backend/src/server/web/ClientServerService.ts b/packages/backend/src/server/web/ClientServerService.ts
index a83137f74c..5bc5e1889f 100644
--- a/packages/backend/src/server/web/ClientServerService.ts
+++ b/packages/backend/src/server/web/ClientServerService.ts
@@ -176,7 +176,7 @@ export class ClientServerService {
 // XSSが存在した場合に影響を軽減する
 // (script-srcにunsafe-inline等を追加すると意味が無くなるので注意)
 const csp = this.config.contentSecurityPolicy
- ?? 'script-src \'self\' \'unsafe-eval\' ' +
+ ?? 'script-src \'self\' ' +
 'https://challenges.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/; ' +
 'base-uri \'self\'; object-src \'self\'; report-uri /csp-error';
 reply.header('Content-Security-Policy-Report-Only', csp);
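Review bot: The header set on the hunk's last line is `Content-Security-Policy-Report-Only`, so dropping `'unsafe-eval'` from script-src changes only what is reported to `/csp-error`, not what the browser executes, and nothing in the hunk records the premise of the change — that the client bundle no longer needs `eval()`/`new Function()`. A comment beside the changed line would make that explicit for the next reader, e.g. `// 'unsafe-eval' intentionally omitted: the client must not rely on eval()/new Function(); check /csp-error reports for eval violations before this header is switched from Report-Only to enforcing.` The existing comment's warning that adding `'unsafe-inline'` to script-src would defeat the policy still applies after this change. The enclosing method starts before and ends after this hunk.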