Cornerstone Codec WASM execution causing CSP issues with unsafe_eval


I’m having issues trying to load some of my images with the Cornerstone viewer, due to Content-Security-Policy restrictions. It seems there is some code within Cornerstone attempting to use unsafe expression evaluation, since the console error I’m getting is Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive:. I can get around this by adding unsafe_eval to my CSP but this is obviously not ideal.

Is there a way to configure/initialize Cornerstone in a way that stops these unsafe functions from being attempted? I believe the unsafe code is very closely related to the WASM codecs logic in the Cornerstone source code-- see the attached screenshot of where the error happens in the stack trace.