From 9d6167e77ea8f1c5cf02b717f1f7918fb0c7b526 Mon Sep 17 00:00:00 2001
From: Yoav Balasiano
Date: Fri, 20 Dec 2024 01:21:39 +0200
Subject: [PATCH] Add wasm-unsafe-eval

For cases that WebAssembly execution is required but unsafe-eval is too permissive.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#unsafe_webassembly_execution
---
 src/csp.types.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/csp.types.ts b/src/csp.types.ts
index ba3a0ac..302c027 100644
--- a/src/csp.types.ts
+++ b/src/csp.types.ts
@@ -29,7 +29,7 @@ type HttpDelineators = typeof httpDelineators[number];
 type UriPath = `${HttpDelineators}${string}`
 // Base Source Directives
-export const baseSources = ['self', 'unsafe-eval', 'unsafe-hashes', 'unsafe-inline', 'none', '*'] as const;
+export const baseSources = ['self', 'unsafe-eval', 'wasm-unsafe-eval', 'unsafe-hashes', 'unsafe-inline', 'none', '*'] as const;
 type BaseSources = typeof baseSources[number]
 // Combined all source directives
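Review bot: The new `'wasm-unsafe-eval'` entry in `baseSources` has no comment saying what it permits or where it applies, and the list appears to feed the combined source type used by every directive. The keyword only governs WebAssembly compilation under `script-src` (or `default-src` as its fallback), so the type will also accept it in directives where it has no effect; the same already holds for `'unsafe-eval'`. I would add above the array `// 'wasm-unsafe-eval' allows WebAssembly compile/instantiate without enabling eval(); only meaningful in script-src/default-src, prefer it over 'unsafe-eval' when only Wasm is needed`. The diffstat shows this file alone changed, so presumably no test asserts that the new keyword is emitted with its single quotes in the generated header; a small serialization test would cover that.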