but i wanted to post that I finally found a solution to the problem I had encountered there, and I wanted to share the solution in case any other instance admins run into the same issue.
Uncaught EvalError: call to eval() blocked by CSP Content Security Policy: The page’s settings blocked the loading of a resource at eval (“script-src”).
- There are two sets of webpack config files included in the mastodon git checkout: in
- development.js has the setting
- production.js by contrast has the setting
eval()statements in the output code, together with a content-security-policy header that allows eval(). (Easier debugging during development)
- The production settings tell Webpack to use no
eval()statements, with a content-security-policy header that disallows eval(). (More secure for production)
- Somehow during mastodon installation, all my files had been compiled in development mode instead of in production mode. But they were getting served in production mode, with the stricter content-security-policy header, making the browser treat the eval()s as illegal.
- delete the old bundle files with
rm -r ~mastodon/live/public/dist/js/*
- (as mastodon user):
- (as root user)
Hope this helps somebody.