Redux-Devtools run fine if I have Inspect Mode and open the Redux tab.
However, when I open remote DevTools I get the following error:
call to Function() blocked by CSP
I am using local (custom) server on port 3000 (Firefox). I tried reinstalling, but it did not fix anything.
Switching to Chrome, I get
Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".
Looking at my vite.config.ts and index.tsx & index.html, I could not find any recent commit or changes in general.
Where do I start looking? The problem did not exist approximately 3 months ago.
We are using a custom UI Library for the frontend, but it's massive code and I think it has nothing to do with our mono repo configuration. Also nothing changed in the package.json (apart from oidc-client, axios, etc).
CSP is blocking dynamic string evaluation. In your case this seems to be string input to "new Function(...", but this could also happen to eval, setTimeout, setInterval and other functions that evaluate strings as code.
Your best option is to rewrite the code to not do string evaluation.
An option that would make your code work, but insecure, is to add 'unsafe-eval' to the script-src directive as "script-src 'self' 'unsafe-eval'".
Why didn't this happen 3 months ago? Likely because dynamic string evaluation was added, or because a default CSP was added, or the CSP was modified.