We started using the new Safari Web Extension APIs and are extremely impressed so far. One thing I noticed right away after migrating our Web Extension to Safari is that it appears Safari 14 doesn’t allow us to instantiate WebAssembly without allowing unsafe-eval in our script-src CSP.
Google Chrome currently supports a wasm-eval CSP directive where Firefox doesn’t require any CSP change to use WebAssembly. Are there any plans for Safari to have a special directive, or do you have any pointers on using WebAssembly without also allowing unsafe-eval?
Thank you so much for adding the Web Extension APIs to Safari. This is extremely exciting for us at 1Password!