Hi, we are currently integrating the mupdf web viewer into our application and we are encountering 2 Content Security Policy (CSP) issues.
1. It appears that your current minified build has a line where a function is created from a string. I’ve attached a screenshot of this. This triggers a CSP violation unless we enable the ‘unsafe-eval’ directive, which we cannot do for security reasons. Is there a workaround for this?
2. The library appears to create an iframe with inline tags, these are also blocked by our CSP. To allow these to run we would need a configuration option to pass a nonce hash to them. Is there a way to do this already that I have missed or would it be possible to add this?