Angular integration fails due to CSP violation

[jonjul]

Description

We attempted to implement the AsyncAPI React component in an Angular project following the documentation:
“Using in other technologies” → “Using in Angular”
https://github.com/asyncapi/asyncapi-react/blob/master/docs/usage/angular.md

When running the implementation, we encounter the following error

Current Workaround

The component only works if we relax the Content Security Policy (CSP) by adding 'unsafe-eval' to the script-src directive.

Questions / Request for Guidance

• Is there a plan to address this issue so that 'unsafe-eval' can be avoided?
• Is there a recommended workaround that does not require relaxing the CSP?

[github-actions]

Welcome to AsyncAPI. Thanks a lot for reporting your first issue. Please check out our contributors guide and the instructions about a basic recommended setup useful for opening a pull request.
Keep in mind there are also other channels you can use to interact with AsyncAPI community. For more details check out this issue.

[cperotAxway]

I use the react component as mentionned here : https://github.com/asyncapi/asyncapi-react/blob/master/README.md#using-in-react and I encounter the same issue. I haven't found any version compatible with CSP that doesn't allow unsafe-eval. I had similar problem with rjsf library but now there's a workaround possible in their latest version https://rjsf-team.github.io/react-jsonschema-form/docs/usage/validation/ by using precompiled validator on backend side. Maybe something like this can be also feasible in asyncapi react ?

[wei123-web]

hii everyone.
From the discussion, it seems this is not an Angular-specific issue but a general CSP limitation of asyncapi-react, due to runtime schema evaluation that requires unsafe-eval.

Similar libraries (e.g. react-jsonschema-form) addressed this by introducing precompiled validators, but that required major architectural changes.

It might be helpful to:

Explicitly document CSP requirements and limitations

Clarify that strict CSP environments are not currently supported

This would help users set correct expectations. Thanks!