On adding script-src to the CSP header following error is thrown in the console
EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src ".
What is causing this issue and how to resolve? (other than specifying the unsafe-eval for script-src)
