From fdda7b482fc63f94b466daac9933b20dfab8a1c4 Mon Sep 17 00:00:00 2001
From: Piotr Sarnacki
Date: Wed, 4 Feb 2015 18:22:58 +0100
Subject: [PATCH] Remove unsafe-eval from script-src CSP
---
 config/environment.js | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/config/environment.js b/config/environment.js
index 61f9dbb2..d133112a 100644
--- a/config/environment.js
+++ b/config/environment.js
@@ -85,9 +85,7 @@ module.exports = function(environment) {
 ENV.contentSecurityPolicy = {
 'default-src': "'none'",
- // TODO: for some reason unsafe-eval is needed when I use collection helper,
- // we should probably remove it at some point
- 'script-src': "'self' 'unsafe-eval'",
+ 'script-src': "'self'",
 'font-src': "'self'",
 'connect-src': "'self' https://api.travis-ci.org ws://ws.pusherapp.com wss://ws.pusherapp.com http://sockjs.pusher.com",
 'img-src': "'self' data: https://www.gravatar.com http://www.gravatar.com",
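Review bot: Removing `'unsafe-eval'` from `script-src` also removes the TODO that said the collection helper needed it, and nothing visible in this hunk shows that dependency is gone. If the policy is enforced rather than report-only, any remaining `eval`/`new Function` path will be blocked at runtime, so it is worth checking CSP violation reports for that helper before release. I would keep a one-line comment above the directive so the keyword is not re-added casually, e.g. `// 'unsafe-eval' deliberately omitted: code that needs eval must be fixed, not allowlisted`. Separately, the unchanged `connect-src` and `img-src` lines still allow cleartext `ws://ws.pusherapp.com`, `http://sockjs.pusher.com` and `http://www.gravatar.com`, which leaves those connections open to interception on the network; restricting them to the `wss:`/`https:` origins, where the services support it, would close that gap. The `ENV.contentSecurityPolicy` object continues past the end of the hunk.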