"cypress-axe": "^0.14.0" Blocked by Cors 'unsafe-eval'

[gchales]

Packages:

        "cypress": "^9.7.0",
        "axe-core": "^4.4.2",
        "cypress-axe": "^0.14.0",

Error:

Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 

Code Triggering Error:

node_modules/cypress-axe/dist/index.js

exports.injectAxe = function () {
    var fileName = typeof (require === null || require === void 0 ? void 0 : require.resolve) === 'function'
        ? require.resolve('axe-core/axe.min.js')
        : 'node_modules/axe-core/axe.min.js';
    cy.readFile(fileName).then(function (source) {
        return cy.window({ log: false }).then(function (window) {

            window.eval(source);  // Triggers Cors error.

        });
    });
};

[djejaquino]

Maybe there is a more secure way of loading axe script?

[TMUND]

Want to add that we are also running into this issue. However, by importing @axe-core/react in our base index.tsx file we are able to run the cy.checkA11y() command without manually doing cy.injectAxe() in the test files.