Fix CSP for dapps that require eval. (#7867)

* Add allowJsEval to manifest. * Enable 'unsafe-eval' if requested in manifest.
2018-02-15 11:05:20 +01:00
parent 0a34ad50b4
commit 226215eff6
16 changed files with 41 additions and 52 deletions
--- a/dapps/src/tests/fetch.rs
+++ b/dapps/src/tests/fetch.rs
@@ -181,7 +181,7 @@ fn should_return_fetched_dapp_content() {
 	assert_security_headers_for_embed(&response2.headers);
 	assert_eq!(
 		response2.body,
-		r#"D2
+		r#"EA
 {
  "id": "9c94e154dab8acf859b30ee80fc828fb1d38359d938751b65db71d460588d82a",
  "name": "Gavcoin",
@@ -189,7 +189,8 @@ fn should_return_fetched_dapp_content() {
  "version": "1.0.0",
  "author": "",
  "iconUrl": "icon.png",
-  "localUrl": null
+  "localUrl": null,
+  "allowJsEval": false
 }
 0