Insecure "unsafe-eval" directive used in browser header for riskminder-client.js The issue exists in the 9.1 SP3 (9.1.03). The hotfix to address this issue exists and can be requested via a Broadcom support case. Refer to https://stackoverflow.com/questions/37155270/content-security-policy-csp-safe-usage-of-unsafe-eval. Essentially, usage of eval function is unsafe. Eval function in any application allows any user to execute arbitrary code.
Release : 9.1.x
To request this version of riskminder-client.js please file a support case and reference this KB article #260470. The name of zipped riskminder-client.js file to request via a support case is - Symantec-AdvAuth-9.1.03-DE554783-HotFix.zip. Also, kindly note 9.1 SP4 (9.1.04) to be released End of March 2023 will provide an updated riskminder-client.js as part of new client binaries that will be released then.