What is a CSP error in AngularJS 1?

Question

I am trying to create a chrome plugin with AngularJS 1.5 dependencies. In that, I am getting this error.

EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' blob: filesystem: chrome-extension-resource:".

I am not able to understand the problem behind this.

The same app is working fine for me on a web app. Why am I getting this error?

Answer 1

Angular 1.5 uses some features that can conflict with certain restrictions that are applied when using CSP (Content Security Policy) rules.

At the header level, mention this.

Also, have a look at Angular ngCSP .