No I don't need'unsafe-eval' in the CSP Header for Google Analytics? But maybe for angular.js?
Pontifications
In an earlier post I asked Do I need ‘unsafe-eval’ in the CSP Header for Google Analytics?. The answer is no but I might need it for angular.js:
FROM ngCsp angular documentation:
QUOTE
You can specify which of the CSP related AngularJS features should be deactivated by providing a value for the ng-csp attribute. The options are as follows:
* no-inline-style: this stops AngularJS from injecting CSS styles into the DOM
* no-unsafe-eval: this stops AngularJS from optimizing $parse with unsafe eval of strings
END QUOTE