From c2c7081dc226e2480381338b9d2404ad0435996b Mon Sep 17 00:00:00 2001
From: "Xin Du (Clark)" <clark.duxin@gmail.com>
Date: Sun, 3 May 2020 20:10:09 +0100
Subject: [PATCH] fix(webpack): use non-eval sourcemap with csp and
 `unsafe-eval` script policy (#7305)

---
 packages/webpack/src/config/client.js | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/packages/webpack/src/config/client.js b/packages/webpack/src/config/client.js
index d2126cb035..0492fe5cf5 100644
--- a/packages/webpack/src/config/client.js
+++ b/packages/webpack/src/config/client.js
@@ -20,7 +20,14 @@ export default class WebpackClientConfig extends WebpackBaseConfig {
   }
 
   get devtool () {
-    return this.dev ? 'cheap-module-eval-source-map' : false
+    if (!this.dev) {
+      return false
+    }
+    const scriptPolicy = this.getCspScriptPolicy()
+    const noUnsafeEval = scriptPolicy && !scriptPolicy.includes('\'unsafe-eval\'')
+    return noUnsafeEval
+      ? 'cheap-module-source-map'
+      : 'cheap-module-eval-source-map'
   }
 
   getCspScriptPolicy () {