I’ve a Webgl construct created in Unity 2020.3.22f1.
The Content material Coverage appears like this (set to report-only for debugging):
Code (htaccess):
Header set Content material-Safety-Coverage-Report-Solely "default-src 'self' https://dev.mywebsite.eu/ information: blob: https://dev.mywebsite.eu/; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' blob: https://dev.mywebsite.eu/; worker-src blob:; script-src-elem 'self' 'unsafe-inline' 'wasm-unsafe-eval' blob: https://dev.thecell.eu/"
A shopper reported that they cannot permit ‘wasm-unsafe-eval’. Is there the likelihood to omit ‘wasm-unsafe-eval’? Is that simply part of how the webgl builds from Unity work or do we have now any possibility to vary that?
Once I skip the ‘wasm-unsafe-eval’ I get a number of errors:
'didn't asynchronously put together wasm: CompileError: name to WebAssembly.instantiate() blocked by CSP'
and
'CompileError: name to WebAssembly.instantiate() blocked by CSP'
and
'Content material-Safety-Coverage: The web page’s settings blocked WebAssembly (script-src) from being executed as a result of it violates the next directive: “script-src 'self' 'unsafe-inline' blob: https://dev.mywebsite.eu/” (Lacking 'wasm-unsafe-eval' or 'unsafe-eval')
and
'Uncaught (in promise) abort({}) at jsStackTrace@blob:https://dev.mywebsite.eu/de67ac73-7a4e-4d57-bd4e-c6ae621cc261:8:15620'
