Insights Hub Troubleshooting Guide for "Refused to evaluate a string as JavaScript" Error

Developer Tools Applications


Encountering the error message "Refused to evaluate a string as JavaScript because unsafe-eval is not an allowed source of script" during the loading of JavaScript library/components in a web application can be frustrating. This knowledge article provides insights into the possible causes of this error and offers step-by-step instructions to resolve it.


This error typically occurs when the Content Security Policy (CSP) of the web application restricts the use of unsafe-eval for executing JavaScript. The CSP serves as an added layer of security by specifying which resources are allowed to be loaded and executed on a web page.

To resolve the "Refused to evaluate a string as JavaScript" error, follow these steps:
  1. Understand the Cause: The error is triggered due to the CSP directive unsafe-eval not being allowed. This directive is commonly used for dynamically evaluating JavaScript code, and its absence can prevent certain JavaScript functions from executing.
  2. Update Content Security Policy: Modify the Content Security Policy to include the necessary directive for allowing unsafe-eval. Here's an example of an updated CSP directive:
default-src 'self';script-src 'self' 'unsafe-eval';style-src 'self';
Ensure that this updated directive is appropriately configured within the CSP header of your web application.
  1. Test the Changes: After updating the Content Security Policy, thoroughly test the web application to ensure that the error no longer occurs. Verify that all JavaScript functionalities are working as expected.

By following these steps, you can effectively troubleshoot and resolve the "Refused to evaluate a string as JavaScript" error in your web application, ensuring smooth functionality while maintaining security standards.

KB Article ID# KB000128288_EN_US



Associated Components

Developer Cockpit Operator Cockpit