My app is built using Express, cors, and helmet. I have incorporated Vue3 on the client-side only, with the library file being self-hosted in the public folder. To add the module to the client-side, I simply include the following script:
<script type="module" src="/public/lib/vue.esm-browser.js"></script>
The issue I am facing is that when I try to use it, I keep getting an
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'"
. This problem emerged suddenly yesterday, coinciding with my implementation of the helmet and cors modules. Even after commenting out these modules, the error persists. What steps should I take to resolve this?