x)- [ ] Regression (a behavior that used to work and stopped working in a new release)
- [x] Bug report -> please search issues before submitting
- [ ] Feature request
- [ ] Documentation issue or request
From release 5.2.2 our Content Security Policy gets violated because unsafe-eval are not allowed.
I think it might be related to this bump: d1462589175a0794d4dfc818c72076483fa34c27

You may have to submit an issue to mozilla/pdf.js instead of here to make progress since this is a problem inside a dependency.
Here is the offending code:
// pdf.js:13152-13154
var g = function () {
return this;
}() || Function("return this")();
In particular the Function constructor is probably triggering the unsafe-eval error. Although, I'm not sure why the regular function assignment before the || is not working for you. The eval should only be run if the first assignment fails (evaluates as a non-truthy value).
Try running the first half of the assignment in your inspector to see if it is an environment issue. Or try something like:
var g = function () {
return 'apples';
}() || Function("return 'bananas'")();
and see what g returns.
Looks like it is going to be resolved with the next release:
mozilla/pdf.js#10387
mozilla/pdf.js#10229
Works with release 5.3.2
@loremaps 5.3.2 was working fine but trying to upgrade to 5.3.4 broke it again.
It's been a really painful experience to figure that out as it was happening within a lazy loaded module and the only error I had was Runtime compiler is not loaded :scream:.
Any idea why it's happening again?
@maxime1992 yes I believe you are also facing this issue: mozilla/pdf.js#11036
Which appears to be an upstream issue of a babel polyfill :unamused:
Yup thanks I commented there!
@loremaps its possible that you remove the dependency and re-add pdfjs-dist as peerDependency?
We can just downgrade the pdfjs dependencies as we need to get a rescue from this issue.
Most helpful comment
Looks like it is going to be resolved with the next release:
mozilla/pdf.js#10387
mozilla/pdf.js#10229