Issue with CSP Settings in Electron When Using Hoops Communicator


I am currently testing the feasibility of using Hoops Communicator on Electron.

I am using the code from the following repository:

For security purposes, I added the following CSP (Content-Security-Policy) settings in the index.html file, but I encountered an error:

  content="script-src 'self' 'unsafe-inline';"

I found that the ‘unsafe-inline’ setting blocks all functions defined as strings, such as eval() and new Function(). When I changed it to ‘unsafe-eval’, the viewer worked correctly, but this may introduce security issues.

Is there a way to use Hoops Communicator while maintaining security?

Any help would be appreciated.