Sounds like you're hitting this: https://github.com/gwtproject/gwt/issues/9578
On Friday, 29 August 2025 at 3:35:25 pm UTC+10 Deepali Sharma wrote: > Hi all, > > I am working on a GWT application and facing issues with *Content > Security Policy (CSP)*. Currently, GWT uses eval() (or similar dynamic > code execution), which means I need to allow *unsafe-eval* in my CSP. > Without this, the page does not load at all. > > This is causing repeated failures in application security scans, since > unsafe-eval is considered a security risk. > > - > > Is there a way to remove or avoid unsafe-eval in GWT? > - > > Does GWT provide a CSP-compliant compilation mode or configuration to > handle this? > - > > If yes, how can I enable it in my project (Maven/GWT config)? > > Any guidance or best practices to make GWT work with CSP without > unsafe-eval would be really helpful. > > Thanks! > -- You received this message because you are subscribed to the Google Groups "GWT Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/google-web-toolkit/8e0d4b7a-f84d-4a05-858e-988a8f931da6n%40googlegroups.com.
